Lidl Online Shop Customers Hit by Third-Party Data Breach in Europe
European discount supermarket giant **Lidl** has disclosed a data breach impacting online shop customers in Germany, Belgium, and the Netherlands. The incident stemmed from unauthorized access to a customer database maintained by one of its IT service providers, not **Lidl**'s own online shopping platform.
The breach, which **Lidl** became aware of last week, saw attackers briefly access and exfiltrate a portion of customer information. This sensitive data includes titles, first and last names, phone numbers, email addresses, dates of birth, and customer numbers.
Crucially, **Lidl** has stated there is no indication that passwords, billing or delivery addresses, bank details, or other payment information were compromised. The company reassures customers that their accounts remain secure.
Upon discovering the incident, the unnamed IT service provider immediately took steps to secure the affected systems. **Lidl** has also filed a criminal complaint and notified the relevant data protection authorities.
While no evidence of misuse of the stolen information has been found, **Lidl** has urged affected customers to exercise heightened vigilance against phishing emails and potential identity theft attempts. The exposed data could be leveraged for targeted social engineering scams.
The retailer has not yet identified the affected IT service provider, disclosed the total number of impacted customers, or attributed the breach to a specific threat actor. There is also no indication whether ransomware played a role in the incident.
**Lidl**, part of Germany's **Schwarz Group**, is a significant player in the European retail landscape, operating approximately 12,900 stores across 32 countries and employing around 395,000 people.