Lidl discloses online shop breach after service provider hack

6 hours ago 6

LIDL

German discount supermarket chain Lidl notified customers in Germany, Belgium, and the Netherlands that attackers stole their personal information in a breach at a service provider.

Lidl, owned by Schwarz Group, the largest food retailer in Europe, has over 376,000 employees and operates 12,000 stores across Europe and the United States.

The discount giant notified affected customers of the incident over email last week and published separate notifications on its support websites in Belgium and the Netherlands.

image

As detailed in these alerts, the breach was discovered last week, with attackers stealing data from customers who used Lidl's online shop.

"Despite high IT security standards, unknown individuals briefly gained access to a separately stored file containing customer data, and part of the data was stolen from it. The online shop's system itself was not affected," the company said.

"The stolen data contains customer information belonging to our online shop customers (salutation, first and last name, telephone number, email address, date of birth, customer number)."

While the threat actors didn't gain access to the online shop's systems, Lidl said that it cannot yet rule out that the breach may also involve affected customers' passwords, billing and delivery addresses, bank details, or other payment information.

Lidl added that the hacked IT service provider has also filed a police report and engaged IT forensic experts to investigate the full scope and impact of the incident.

The supermarket giant has also notified the Dutch Data Protection Authority of the data breach and advised affected customers to be wary of potential phishing attacks that might use the stolen information.

"Although we currently have no concrete evidence of data misuse, we are warning you as a precaution against possible phishing attempts or identity fraud," it added.

"Be alert for unexpected messages. Always verify the authenticity of the sender. If you notice anything unusual, do not provide any data and do not click on unknown links."

A Lidl spokesperson was not immediately available for comment when BleepingComputer reached out for more information about the incident.

article image

Test every layer before attackers do

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Read Entire Article