Lidl has disclosed a data breach affecting online shop customers in Germany, Belgium, and the Netherlands after a cyberattack targeted one of its third-party IT service providers. The discount supermarket chain, owned by Schwarz Group, learned of the incident last week and promptly notified affected customers via email while publishing breach notices on its German, Belgian, and Dutch support websites. The company emphasized that its online shop system itself was not compromised, with attackers instead accessing a separately stored file containing customer data.
The stolen information includes customer salutations, first and last names, phone numbers, email addresses, dates of birth, and customer numbers. Lidl currently has no evidence that passwords, billing or delivery addresses, bank details, or other payment information were accessed. The company stated that customer accounts themselves remain secure and that the affected IT service provider responded immediately to restore full security to its systems.
Security experts note this incident highlights the persistent vulnerability of supply-chain relationships in retail operations. The breach adds Lidl to a growing list of European retailers hit by third-party attacks over the past year, including Marks & Spencer, Co-op, Louis Vuitton, Pandora, and Harrods. While the compromised data does not include financial information or credentials that pose direct threats to money or identity, the combination of personal details creates significant risk for targeted phishing and social engineering attacks.
Lidl has filed a police report, engaged external IT forensic experts to investigate the full scope of the incident, and notified relevant data protection authorities including the Dutch and Belgian Data Protection Authorities. The company has not disclosed the name of the compromised service provider or the total number of affected customers. As of this report, no threat actor has publicly claimed responsibility for the attack.
Customers who have shopped at Lidl's online stores in the affected countries should change their Lidl account passwords immediately, particularly if those passwords are reused on other platforms. Security professionals recommend enabling multi-factor authentication wherever available and remaining alert for phishing emails, text messages, or phone calls that reference Lidl accounts or recent orders. Customers should verify the authenticity of any communication by contacting Lidl directly through official channels rather than responding to unsolicited messages, and should monitor bank and card statements closely in the coming months.
Source: https://www.itsecurityguru.org/2026/07/14/lidl-confirms-data-breach-after-third-party-it-provider-hack


