- Lidl confirms cyber attack on third-party IT service provider exposed customer data including names, phone numbers, emails, dates of birth and customer numbers
- Passwords, payment information and addresses were not affected, but the company warns of phishing risks and urges vigilance against identity fraud attempts
- The incident was quickly contained, reported to the authorities and investigated by forensic experts; Lidl operates ~12,900 stores in 32 countries
Lidl is warning its customers about a cyber attack which may have affected some of their personal information stored with the company.
In a data breach notice published on its websites in the Netherlands, Belgium and Germany, the German discount supermarket chain said an IT security incident at one of its IT service providers affected some of the data stored by Lidl Online Shop customers.
“We were informed of this incident at the beginning of the week,” reads a machine-translated notification. “Despite high IT security standards, unknown persons briefly gained access to a separately stored file of customer data and part of the data was stolen from it. The system of the online shop itself is not affected.”
Unknown influence
Lidl said the unnamed criminals walked away with people’s full names, phone numbers, email addresses, dates of birth and customer numbers. Passwords, billing and delivery addresses, bank details and other payment information were reportedly not stolen. Customer accounts also remained unaffected.
However, the company urges its customers to remain vigilant as there is a high chance that the crooks will use the data to send personalized phishing emails.
“Although we currently have no concrete evidence of misuse of data, we are warning you of possible phishing attempts or identity fraud as a precaution,” Lidl said.
The company did not say which IT service provider was targeted or how many people are affected. It simply said the company “reacted immediately” and “took the necessary steps” to restore full security to the affected systems. The company also filed a report with the relevant authorities and called in IT forensics experts to investigate the incident.
Local authorities, such as the Dutch data protection authority, or the Belgian “competent supervisory authority for data protection” were also notified.
Lidl operates around 12,900 stores in 32 countries in Europe and the USA.
Via Cyber news

The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.



