Lidl Customers' Data Stolen in Third-Party Service Provider Breach
European discount supermarket giant **Lidl** has disclosed a data breach impacting customers in Germany, Belgium, and the Netherlands. The incident, which occurred at a third-party service provider, resulted in the theft of personal information from online shop customers. While the core online shop systems remain secure, the full extent of compromised data, including potential payment details, is still under investigation.
European retail behemoth **Lidl**, owned by the **Schwarz Group**, has confirmed a data breach affecting its online shop customers in Germany, Belgium, and the Netherlands. The incident, which **Lidl** states was discovered last week, involved unauthorized access to a separately stored file containing customer data held by a service provider.
### Breach Details Emerge
**Lidl** notified affected customers via email and published advisories on its support websites for [Belgium](https://customerservice.lidl.be/html_mail.jsp?params=8tKyobllxvsU6%2BgXDYjBJc6MQ853XtdVS6zBsH7vxJZSVH%2FBzLZpSM%2Fxo%2BNkxRbDFx7Qk%2FX0EmHNQMTiaWr%2FGCKi%2FhYKokW6%2FkoUR8Rjn4I%3D) and [the Netherlands](https://service.lidl.nl/html_mail.jsp?params=8LybHsuKa7Kn1nJNHJQVXNX0gmCmtqL%2BDv1%2FqBuU15CDljiqHnnM21YJF1q%2FnFUEywx3Rzgho98wZxcM9Vu14In%2BUF9apXtZuAjldylkmGg%3D). The company emphasized that its online shop's core system was not directly compromised.
"Despite high IT security standards, unknown individuals briefly gained access to a separately stored file containing customer data, and part of the data was stolen from it. The online shop's system itself was not affected," **Lidl** stated.
### Compromised Data and Potential Risks
The stolen information includes customer details such as salutation, first and last name, telephone number, email address, date of birth, and customer number.
Crucially, **Lidl** cannot yet definitively rule out the possibility that the breach also encompassed more sensitive data, including customer passwords, billing and delivery addresses, bank details, or other payment information.
### Response and Recommendations
In response to the incident, the compromised IT service provider has filed a police report and engaged IT forensic experts to conduct a thorough investigation into the scope and impact of the breach. **Lidl** has also informed the **Dutch Data Protection Authority**.
Customers are urged to exercise extreme caution regarding potential phishing attempts and identity fraud. "Although we currently have no concrete evidence of data misuse, we are warning you as a precaution against possible phishing attempts or identity fraud," **Lidl** advised. "Be alert for unexpected messages. Always verify the authenticity of the sender. If you notice anything unusual, do not provide any data and do not click on unknown links."
**Lidl** did not immediately provide further comment when contacted for additional information.