Customer data from Lidl’s Dutch and Belgian online store was compromised in a data breach. Hackers briefly gained access to personal information, but the supermarket chain reassures customers that no payment data or addresses were leaked.
Not the online store itself
Customers of the Lidl online store in Belgium and the Netherlands should be extra vigilant for suspicious emails and attempts at identity theft. At an external IT vendor for the supermarket chain, “unknown individuals” accessed a file containing personal data and partially copied it.
Among other things, the attackers obtained names, phone numbers, email addresses, dates of birth, and customer numbers. Lidl has not disclosed how many accounts were affected by the incident. The retailer has notified the affected customers directly.
According to Lidl, the core of the online store remained unaffected. The criminals did not gain access to passwords, payment details, bank information, or billing or shipping addresses. The customer accounts themselves were also not compromised.
Risk of phishing
The supermarket chain currently has no indication that anyone has already misused the stolen information. Nevertheless, Lidl is anticipating targeted phishing messages, in which fraudsters might, for example, impersonate the company.
The IT partner involved has since restored the security of its systems and appointed specialized investigators to reconstruct the attack. The company also filed a complaint. Lidl additionally notified the relevant privacy regulator.
Europe - EN
België - NL
Nederland - NL
España - ES
France - FR


