Automotive manufacturer Škoda has confirmed a data breach affecting customer personal information following a cyberattack on its official online shop. According to the company, attackers gained temporary unauthorized access to the system by exploiting a vulnerability in the e-commerce platform’s software.

Škoda officially stated that the incident was identified during routine security monitoring activities. According to the company, potentially compromised information may include:

• Сustomer names
• Physical addresses
• Email addresses
• Phone numbers
• Order details
• User account information
• Password hashes

Credit card data remained unaffected, as all payment information is processed exclusively by external payment providers and is not stored within Škoda systems.

The company also noted that it is currently unable to determine whether the data was copied or to assess the exact scope of the incident, although unauthorized access to the data was technically possible. The number of potentially affected individuals has not yet been disclosed.

Following the discovery of the breach, Škoda temporarily shut down its online store as a precautionary measure. The exploited vulnerability was immediately remediated, and an external digital forensics firm was engaged to conduct a detailed investigation. Existing security mechanisms have also been reviewed and further strengthened. The incident has been reported to the relevant data protection authority.

Global video hosting and streaming platform Vimeo has confirmed a cybersecurity incident involving unauthorized access through third-party analytics provider Anodot. Attackers gained unauthorized access to databases containing technical information, video titles, metadata, and email addresses belonging to some Vimeo customers. According to the company, the unauthorized access occurred on April 4, 2026, and was detected on April 21. Preliminary findings from the investigation indicate that the affected databases primarily contained:

• Technical data
• Video titles
• Metadata
• In some cases customer email addresses may also have been exposed.

Vimeo stated that user credentials and, most importantly, payment information were not compromised.

Upon discovery of the incident, Vimeo immediately terminated Anodot’s integration with its systems and revoked all access permissions associated with Anodot accounts. The investigation remains ongoing with the involvement of external cybersecurity specialists; law enforcement authorities have been notified.

The incident has drawn global attention as Vimeo serves approximately 287 million users worldwide. Turkey’s Personal Data Protection Authority (KVKK) officially published a notification regarding the breach on April 29, 2026. While the exact number of affected Turkish residents has not yet been determined, the regulator stated that users in Turkey may have potentially been impacted.

The information security risks are real – but so are the solutions. With SearchInform, you gain the tools, insights and confidence to master risk management. Don’t wait for incident to become headlines. Take the first step toward bulletproof risk management with SearchInform solutions.