Lidl customers' bank details at risk after third-party security failure
Hackers might know your last name and telephone number.

People entering supermarket chain Lidl store. Mike Kemp/In Pictures via Getty Images.
- Personal information including names, emails, and potentially passwords and bank details stolen from Lidl's online shop customers in Belgium, Germany, and the Netherlands.
- Lidl notified authorities and hired security experts but hasn't disclosed how many customers are affected
- No hacking group has claimed responsibility and there's no evidence of data being exploited so far.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.
Discount supermarket Lidl has notified customers of a data breach involving their personal information. Affected customers are asked to be vigilant for phishing attempts.
Affected shoppers in Belgium, Germany, and the Netherlands have received an email informing them of what happened.
The email says that one of Lidl’s third-party service providers experienced an “IT security incident” that enabled an unknown attacker to access detailed customer information from Lidl’s online shop.
The exfiltrated data includes first and last names, telephone numbers, email addresses, dates of birth, and customer numbers.
“At this moment, we cannot rule out that this involves passwords, billing, and delivery addresses, bank details, or other payment information. Your customer account has not been affected,” Lidl states.
The discount supermarket assures customers that the affected service provider responded immediately and took the necessary steps to fully restore the affected IT systems. In addition, Lidl filed a police report and hired external security experts to launch an investigation into the incident.
The data protection authorities in Belgium, Germany, and the Netherlands have been notified of the incident.
Although there’s no evidence that the stolen data has been misused, the discounter recommends being alert for possible phishing attempts.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
“Be vigilant for unexpected messages. Always verify the authenticity of the sender. If you notice anything unusual, don’t provide any data and don’t click on unknown links,” the discounter warns.
Lidl says it was notified of the incident at the beginning of last week, but chose to go public on Friday, July 10th. The number of customers affected by the data breach is unclear. As of writing, no hacking group has claimed responsibility.