Skip to content
Tech News
← Back to articles

Lidl discloses online shop breach after service provider hack

read original more articles

German discount supermarket chain Lidl notified customers in Germany, Belgium, and the Netherlands that attackers stole their personal information in a breach at a service provider.

Lidl, owned by Schwarz Group, the largest food retailer in Europe, has over 376,000 employees and operates 12,000 stores across Europe and the United States.

The discount giant notified affected customers of the incident over email last week and published separate notifications on its support websites in Belgium and the Netherlands.

As detailed in these alerts, the breach was discovered last week, with attackers stealing data from customers who used Lidl's online shop.

"Despite high IT security standards, unknown individuals briefly gained access to a separately stored file containing customer data, and part of the data was stolen from it. The online shop's system itself was not affected," the company said.

"The stolen data contains customer information belonging to our online shop customers (salutation, first and last name, telephone number, email address, date of birth, customer number)."

While the threat actors didn't gain access to the online shop's systems, Lidl said that it cannot yet rule out that the breach may also involve affected customers' passwords, billing and delivery addresses, bank details, or other payment information.

Lidl added that the hacked IT service provider has also filed a police report and engaged IT forensic experts to investigate the full scope and impact of the incident.

The supermarket giant has also notified the Dutch Data Protection Authority of the data breach and advised affected customers to be wary of potential phishing attacks that might use the stolen information.

"Although we currently have no concrete evidence of data misuse, we are warning you as a precaution against possible phishing attempts or identity fraud," it added.

... continue reading