Caution: Cyber attack on automotive spare parts dealer

Brief note for blog readers who happen to be customers of the platform (sells spare parts for vehicles). There was a successful cyber attack at this provider, in which personal data in the central customer management software may have been viewed and possibly also copied. The company has informed its customers, as a blog reader told me.


Who is Autodoc?

Autodoc is a supplier of spare parts for cars, trucks and motorcycles, now operating in 27 countries. In 2020, Autodoc's turnover was 842 million euros. The provider describes itself as "Europe's leading online retailer of automotive spare parts" and is headquartered in Berlin.


The online retailer can be reached via the website with its store system.

The cyber attack

German blog reader Dirk R. informed me a few hours ago about a cyber attack on the online retailer. Dirk, as the affected party, was probably informed directly about the incident via the following mail. In the Skoda community, the mail was shared a bit earlier. When the incident occurred is not disclosed.


Currently, cyber attacks on companies and government agencies are increasing. Even with the implementation of professional security measures, attackers unfortunately still manage to successfully obtain data and know-how of the affected organizations. We are contacting you today because, unfortunately, a cyber attack has also occurred at Autodoc.


Our cybersecurity team registered an attack in which criminals managed to gain access to an internally used communication tool. Through this channel, the attackers were able to view and possibly copy personal data in the central customer management software.

The cybersecurity team was able to detect and stop the attack promptly and prevent further data outflows, but unfortunately, according to the current state of knowledge, it cannot be ruled out that your data was viewed and copied by the attackers.

The affected data are excerpts from the customer master data stored in the customer management system, in particular title, surname, first name, street, house number, postal code, city, country, e-mail address, telephone number (mobile and/or landline) and the internally assigned customer number.

No other data is affected, in particular no access data, passwords, credit card data, bank data, credit balances or order details.

All necessary measures were taken immediately by our experts and the forensic investigation of the cyber attack is continuing. Our data protection team is working in coordination with the cybersecurity team on the legal processing and has initiated the necessary legal steps; the responsible data protection supervisory authority has already been informed about the attack.


The attackers or third parties to whom the information may have been passed by the attackers are not able to access your customer account with the affected data; in particular, no orders can be placed or data changed. It is also not possible to reset the password for the customer account, as this is done via your personal e-mail account and its access data is only known to you personally.

However, it is conceivable that the data could be used to attempt to spy on further information from you, for example by sending fake text messages, calls or e-mails in which confidential information such as passwords or TANs are fraudulently requested using the real data (so-called phishing). It is also possible for criminals to simulate your identity to third parties in order to gain advantages for themselves or others or to harm you (so-called identity abuse).


Our cyber security team has reset all access data for the customer management system. Affected computers were forensically analyzed and reset. Where the internal communications service was affected, the access data there was also reset. From a technical point of view, access to the customer management system was significantly hardened by the introduction of new transport encryption measures, and connection filtering was made tighter.

From an organizational perspective, as a precautionary measure, certain identification procedures are no longer used in the Customer Care area and all employees with customer contact have been informed and sensitized accordingly.

We are keeping a close eye on the internal investigations and other developments in connection with the incident and will initiate further measures immediately if new findings make this necessary.


In the future, you should be particularly vigilant if someone asks you to transmit or disclose data by phone, SMS or e-mail. Therefore, please check all inputs and communications, even in time-critical situations, and do not open any attachments or links if you are not completely sure that it is an authentic process. When in doubt, you should always choose not to perform the requested action. Do not disclose confidential information to strangers. Remember that, as a rule, no request for confidential data is made by service providers, merchants or banks. Also, no alleged emergencies will be attended to by IT or software companies by phone without your initiative and urgent activities will be demanded from you. Never act in such cases without first reassuring yourself with a body that is undoubtedly authentic and reputable.

If someone unknown tries to put time pressure on you and threatens you with urgency, tries to exploit superior/subordinate relationships or makes unrealistic promises – do not act. Please also talk to confidants and relatives so that they are not spied on by abusing your identity.
