- Lidl confirms cyberattack at third-party IT service provider that exposed customer data including names, phone numbers, emails, dates of birth, and customer numbers
- Passwords, payment details, and addresses were not affected, but the company warns of phishing risks and urges vigilance against identity fraud attempts
- Incident was contained quickly, reported to authorities, and investigated by forensic experts; Lidl operates ~12,900 stores across 32 countries
Lidl is warning its customers of a cyberattack which may have affected some of their personal information stored with the company.
In a data breach notification published on its Netherlands, Belgium, and Germany websites, the German discount supermarket chain said an IT security incident at one of its IT service providers affected some of the data stored by Lidl Online Shop customers.
“We were informed of this incident at the beginning of the week,” a machine-translated notification reads. “Despite high IT security standards, unknown persons briefly gained access to a separately stored file with customer data and part of the data was stolen from it. The system of the online shop itself is not affected.”
Unknown impact
Lidl said that the unnamed miscreants walked away with people’s full names, phone numbers, email addresses, dates of birth, and customer numbers. Passwords, billing and delivery addresses, bank details, and other payment information, was allegedly not stolen. Customer accounts remained unaffected, as well.
However, the company is urging its customers to remain vigilant, since there is a high chance the crooks will use the data to send personalized phishing emails.
“Although we currently have no concrete evidence of misuse of data, we warn you about possible phishing attempts or identity fraud as a precaution,” Lidl said.
The company did not say which IT service provider was targeted, or how many people are affected. It merely stated that the company “responded immediately” and “took necessary steps” to restore the full security of the affected systems. The company also filed a report with the relevant authorities, and called in IT forensic experts to investigate the incident.
Local authorities, such as the Dutch Data Protection Authority, or the Belgian “competent supervisory authority for data protection” were notified, as well.
Lidl operates around 12,900 stores across 32 countries in Europe and the United States.
Via Cybernews

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.








English (US) ·