Particle.news

Lidl Customer Records Copied in Third-Party Data Breach

Regulators, police, Lidl are investigating the stolen contact and identity details because they increase the risk of phishing and identity fraud.

Overview

  • Lidl said Monday that attackers copied a file held by an external IT service provider containing customers' salutation, full name, telephone number, email address, birthdate and customer number.
  • The company and vendor say the central online‑shop system, customer passwords, postal addresses and payment data were not compromised, though Lidl has not yet ruled out any wider exposure.
  • The affected vendor has filed a criminal complaint and reported the incident to the relevant data protection authority while the vendor says it has secured its IT systems.
  • So far there are no confirmed cases of misuse, but Lidl has emailed affected customers and is urging vigilance for phishing messages and signs of identity theft in the coming weeks.
  • Reports indicate customers in Germany, Belgium and the Netherlands were impacted, a development that will draw cross‑border GDPR scrutiny and could lead to regulatory inquiries or sanctions.