Lidl customers across Europe hit in suspected data breach - here's what we know

10 hours ago 5
Lidl store logo (Image credit: Getty Images)

  • Lidl confirms cyberattack at third-party IT service provider that exposed customer data including names, phone numbers, emails, dates of birth, and customer numbers
  • Passwords, payment details, and addresses were not affected, but the company warns of phishing risks and urges vigilance against identity fraud attempts
  • Incident was contained quickly, reported to authorities, and investigated by forensic experts; Lidl operates ~12,900 stores across 32 countries

Lidl is warning its customers of a cyberattack which may have affected some of their personal information stored with the company.

In a data breach notification published on its Netherlands, Belgium, and Germany websites, the German discount supermarket chain said an IT security incident at one of its IT service providers affected some of the data stored by Lidl Online Shop customers.

“We were informed of this incident at the beginning of the week,” a machine-translated notification reads. “Despite high IT security standards, unknown persons briefly gained access to a separately stored file with customer data and part of the data was stolen from it. The system of the online shop itself is not affected.”

Unknown impact

Lidl said that the unnamed miscreants walked away with people’s full names, phone numbers, email addresses, dates of birth, and customer numbers. Passwords, billing and delivery addresses, bank details, and other payment information, was allegedly not stolen. Customer accounts remained unaffected, as well.

However, the company is urging its customers to remain vigilant, since there is a high chance the crooks will use the data to send personalized phishing emails.

“Although we currently have no concrete evidence of misuse of data, we warn you about possible phishing attempts or identity fraud as a precaution,” Lidl said.

The company did not say which IT service provider was targeted, or how many people are affected. It merely stated that the company “responded immediately” and “took necessary steps” to restore the full security of the affected systems. The company also filed a report with the relevant authorities, and called in IT forensic experts to investigate the incident.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Local authorities, such as the Dutch Data Protection Authority, or the Belgian “competent supervisory authority for data protection” were notified, as well.

Lidl operates around 12,900 stores across 32 countries in Europe and the United States.

Via Cybernews


Best antivirus software header

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read Entire Article