Lidl discloses online shop breach after service provider hack
2 mins read

Lidl discloses online shop breach after service provider hack

German discount supermarket chain Lidl notified customers in Germany, Belgium, and the Netherlands that attackers stole their personal information in a breach at a service provider.

Lidl, owned by Schwarz Group, the largest food retailer in Europe, has over 376,000 employees and operates 12,000 stores across Europe and the United States.

The discount giant notified affected customers of the incident over email last week and published separate notifications on its support websites in Belgium and the Netherlands.

As detailed in these alerts, the breach was discovered last week, with attackers stealing data from customers who used Lidl’s online shop.

“Despite high IT security standards, unknown individuals briefly gained access to a separately stored file containing customer data, and part of the data was stolen from it. The online shop’s system itself was not affected,” the company said.

“The stolen data contains customer information belonging to our online shop customers (salutation, first and last name, telephone number, email address, date of birth, customer number).”

Lidl said the threat actors didn’t gain access to the online shop’s systems and that it can rule out the possibility that the breach involves affected customers’ passwords, payment information, and addresses.

The supermarket giant also notified the Dutch Data Protection Authority of the data breach and advised affected customers to be wary of potential phishing attacks that might use the stolen information.

“We have currently no concrete evidence of data misuse. Nevertheless, as a precaution, we warned affected customers against possible phishing attempts or identity abuse,” a Lidl spokesperson told GeekFeed.

“It’s important to note: The online shop’s system itself was not affected. Passwords, billing and shipping addresses, bank details, or other payment information belonging to our customers are explicitly not affected. Customer accounts were not compromised.”

The hacked IT service provider has also filed a police report and engaged IT forensic experts to investigate the full scope and impact of the incident.

Leave a Reply

Your email address will not be published. Required fields are marked *