Notification of a Personal Data Breach Affecting Users of store.mudita.com
Mudita Storestore@mudita.com
Dear Sir or Madam,
We would like to inform you about an incident concerning the security of personal data in our online store Mudita Store. We understand how important such information is, which is why we are providing it in a clear and transparent manner.
What happened
On March 31, 2026, a professional data processor cooperating with us identified an incorrect technical configuration on one of its servers, which could have enabled access to a copy of the customer database. This access was immediately blocked and the files were removed.
The conducted analysis indicates that, to a limited extent, the data may have been accessed or downloaded by unauthorized parties.
What data may have been affected
The incident may have involved:
first and last name,
email address,
phone number (if provided),
delivery address (if provided),
order history (if purchases were made in our store).
In some cases, the system also contained encrypted (hashed) passwords - these were not available in plain text and, to the best of our knowledge, could not be decrypted.
We did not store credit card data or user passwords in readable (plain-text) form in the database affected by this incident.
Possible consequences
The incident may result in an increased risk of:
fraudulent messages (e.g. requesting additional payment for delivery),
attempts to impersonate our store,
unsolicited marketing communications.
What we have done
Immediately after detection, the data processor:
secured the system and removed the source of the issue,
conducted a detailed analysis of the incident,
implemented additional safeguards.
Mudita on our servers have taken equivalent actions and:
are monitoring the situation for potential misuse,
have implemented additional corrective measures, including enhanced technical and organizational safeguards aimed at preventing similar incidents,
promptly reported the incident to the President of the Personal Data Protection Office (UODO) upon receiving notification from the processor,
prepared our staff to respond to your questions and provide guidance on securing your data.
What you can do
For your safety, we recommend:
changing your account password (especially if it is used in other services),
exercising caution when receiving suspicious messages or links,
not sharing your login credentials with third parties.
Your rights
You have the right to:
obtain additional information about the incident,
lodge a complaint with the President of the Personal Data Protection Office.
Contact
Mudita:
e-mail: support@mudita.com
We sincerely apologize for this situation. We are making every effort to ensure that similar incidents do not occur in the future.
Yours faithfully,
Team Mudita
Stay mindful, Mudita