Lidl has alerted its customers to a data breach involving a third-party IT provider, which has resulted in the exposure of personal information. This breach affects customers in Germany, Belgium, and the Netherlands. The company announced that unauthorized individuals managed to access a file containing customer data, although the main online shop system remains secure. The compromised data includes full names, phone numbers, email addresses, dates of birth, and customer numbers. Lidl has assured that sensitive data such as passwords, billing, and delivery addresses, as well as payment details, remain unaffected. In response, Lidl's IT service provider has taken immediate steps to secure the systems and has engaged forensic experts to investigate the breach further. Authorities have been notified as part of the response process. Lidl has warned customers to be on the lookout for phishing attempts, advising them to verify the authenticity of communication and to avoid clicking on suspicious links. Boris Cipot, a security engineer at Black Duck, commended Lidl's transparency and swift action, emphasizing the importance of maintaining this transparency as investigations continue. Customers are encouraged to change their passwords and enable multi-factor authentication where possible to mitigate risks. Monitoring financial statements and considering additional security measures like a credit freeze are also recommended.
Lidl Alerts Customers to Data Breach and Phishing Threats
Retailer Lidl notifies customers after a third-party supplier breach exposed stored customer data hosted externally.
Executive Summary
Lidl has notified customers in Germany, Belgium, and the Netherlands of a data breach involving a third-party IT provider, exposing personal data but not sensitive financial information. The retailer has taken steps to secure systems and warns customers to stay vigilant for phishing scams.


