2 min Security

Data breach at Lidl: online store customer data stolen

Data breach at Lidl: online store customer data stolen

Lidl is warning customers about a data breach at an external IT service provider. Unknown individuals gained access to the names, phone numbers, email addresses, dates of birth, and customer numbers of online store customers in the Netherlands, Belgium, and Germany. According to the supermarket chain, passwords, addresses, and payment information were not compromised.

The German supermarket chain reported the incident this week on its Dutch, Belgian, and German websites. According to Lidl, unknown individuals briefly gained access to a separately stored file containing customer data. It is explicitly not a hack of the online store itself. Lidl became aware of the breach earlier this week. The company has not disclosed how many customers are affected or which IT service provider was compromised.

Such details often come to light later. Ransomware gangs and other cybercriminals frequently make a habit of publicly naming their victims. In ransomware incidents, this puts additional pressure on the victim to pay the ransom in order to limit further reputational damage.

Phishing as the greatest risk

There are no concrete indications of misuse at this time. Nevertheless, Lidl is explicitly warning customers to remain vigilant. Using the stolen data (name, email address, phone number, date of birth, and customer number), criminals can create highly convincing phishing messages that appear to come from Lidl. Examples include fake emails about orders or text messages with delivery notifications.

The company enlisted forensic experts and reported the breach to the relevant regulatory authorities, including the Dutch Data Protection Authority and the Belgian Data Protection Authority. The investigation into the incident is still ongoing.

See also: Lidl owner builds European sovereign cloud