VYPR
breachPublished Jul 13, 2026· 2 sources

Lidl Suffers Data Breach Via Third-Party Provider Hack

Discount supermarket chain Lidl has disclosed a data breach affecting its online shops in Germany, Belgium, and the Netherlands, resulting from a hack at a service provider.

Lidl, a prominent European discount supermarket chain owned by the Schwarz Group, has alerted customers in Germany, Belgium, and the Netherlands to a data breach impacting its online shop operations. The incident, discovered last week, occurred when attackers gained unauthorized access to a third-party service provider handling customer data.

According to Lidl's notifications, the breach involved the theft of personal information from customers who had used the company's online shop. The stolen data includes customer salutations, first and last names, telephone numbers, email addresses, dates of birth, and customer numbers. While the online shop's core systems remained unaffected, Lidl stated that it cannot yet definitively rule out the possibility that passwords, billing and delivery addresses, bank details, or other payment information may have also been compromised.

The affected IT service provider has initiated a police report and engaged IT forensic experts to conduct a thorough investigation into the full scope and impact of the incident. Lidl has also formally notified the Dutch Data Protection Authority about the breach.

In response to the incident, Lidl is urging affected customers to remain vigilant against potential phishing attacks and identity fraud. The company emphasized that while there is currently no concrete evidence of data misuse, customers should be cautious of unexpected communications and always verify the authenticity of senders before providing any personal information or clicking on suspicious links.

Lidl operates over 12,000 stores across Europe and the United States, employing more than 376,000 individuals, making this breach a significant concern for a large customer base. The reliance on third-party providers for data handling continues to be a critical vulnerability for many organizations, as demonstrated by this incident.

The supermarket giant's proactive notification and advisory serve as a reminder of the ongoing cybersecurity challenges faced by large retail operations and the importance of robust security measures not only within their own infrastructure but also within their supply chain.

The breach at Lidl's IT service provider has resulted in the theft of customer names, telephone numbers, email addresses, dates of birth, customer numbers, and salutations. While passwords and payment information may also have been compromised, the supermarket chain stated that customer accounts themselves were not affected. Lidl is warning customers of potential phishing attempts or identity fraud as a precaution, despite currently having no concrete evidence of data misuse.

Synthesized by Vypr AI