- Lidl confirms a cyber attack on a third-party IT service provider that exposed customer data including names, phone numbers, emails, dates of birth and customer numbers.
- Passwords, payment details and addresses were not affected, but the company warns of phishing risks and urges vigilance for identity fraud attempts.
- The incident was quickly contained, reported to authorities and investigated by forensic experts; Lidl operates ~12,900 stores in 32 countries
Lidl is warning its customers of a cyberattack that may have affected some of their personal information stored in the company.
In a data breach notification posted on its websites in the Netherlands, Belgium and Germany, the German discount supermarket chain said an IT security incident at one of its IT service providers affected some of the data stored by customers of online retailer Lidl.
“We were informed of this incident earlier in the week,” reads a machine-translated notification. “Despite high IT security standards, a separately stored file with customer data was briefly accessed by unknown persons and part of the data was stolen. The online store system is not affected.”
Unknown impact
Lidl said the anonymous criminals left with people’s full names, phone numbers, email addresses, dates of birth and customer numbers. Passwords, billing and delivery addresses, banking details and other payment information were allegedly not stolen. Customer accounts were also unaffected.
However, the company urges its customers to remain vigilant, as there is a high probability that criminals will use the data to send personalized phishing emails.
“Although we currently have no concrete evidence of data misuse, we warn of possible phishing attempts or identity fraud as a precautionary measure,” Lidl said.
The company did not say which IT services provider was targeted or how many people were affected. It simply stated that the company “responded immediately” and “took the necessary steps” to restore full security to the affected systems. The company also filed a report with relevant authorities and called in IT forensic experts to investigate the incident.
Local authorities, such as the Dutch Data Protection Authority or the Belgian “competent data protection supervisory authority”, were also notified.
Lidl operates around 12,900 stores in 32 countries in Europe and the United States.
Through cyber news

The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.




