Overview
- Lidl said Monday that attackers copied a file held by an external IT service provider containing customers' salutation, full name, telephone number, email address, birthdate and customer number.
- The company and vendor say the central online‑shop system, customer passwords, postal addresses and payment data were not compromised, though Lidl has not yet ruled out any wider exposure.
- The affected vendor has filed a criminal complaint and reported the incident to the relevant data protection authority while the vendor says it has secured its IT systems.
- So far there are no confirmed cases of misuse, but Lidl has emailed affected customers and is urging vigilance for phishing messages and signs of identity theft in the coming weeks.
- Reports indicate customers in Germany, Belgium and the Netherlands were impacted, a development that will draw cross‑border GDPR scrutiny and could lead to regulatory inquiries or sanctions.