Lidl Customer Data Stolen in IT Service Provider Breach
German discount supermarket chain Lidl has disclosed a data breach affecting customers in Germany, Belgium, and the Netherlands after attackers compromised one of its IT service providers. The company revealed the incident in notices posted on its support websites last week.
The breach allowed unidentified threat actors to access and exfiltrate a file containing customer data, though Lidl confirmed its online shop system remained unaffected. Compromised information includes names, telephone numbers, email addresses, dates of birth, customer numbers, and salutations. While passwords and payment details may also have been exposed, Lidl stated that customer accounts were not directly impacted.
Though no evidence of data misuse has been found, the company issued a precautionary warning about potential phishing attempts or identity fraud. The affected IT service provider has since secured its systems, filed a police report, and engaged forensic experts to investigate the incident. Lidl also notified the relevant data protection authority.
No details about the attackers or their motives have been released.
Source: https://www.helpnetsecurity.com/2026/07/13/lidl-data-breach-customer-data/
Lidl International cybersecurity rating report: https://www.rankiteo.com/company/lidl-international
"id": "LID1783967499",
"linkid": "lidl-international",
"type": "Breach",
"date": "7/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Customers in Germany, Belgium, '
'and the Netherlands',
'industry': 'Supermarket/Retail',
'location': 'Germany, Belgium, Netherlands',
'name': 'Lidl',
'type': 'Retail'}],
'attack_vector': 'Third-party compromise',
'customer_advisories': 'Precautionary warning about potential phishing '
'attempts or identity fraud issued',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Names, telephone '
'numbers, email '
'addresses, dates of '
'birth, customer '
'numbers, salutations',
'sensitivity_of_data': 'High (PII, potential passwords and '
'payment details)',
'type_of_data_compromised': 'Customer data'},
'description': 'German discount supermarket chain Lidl disclosed a data '
'breach affecting customers in Germany, Belgium, and the '
'Netherlands after attackers compromised one of its IT service '
'providers. The breach allowed unidentified threat actors to '
'access and exfiltrate a file containing customer data, though '
'Lidl confirmed its online shop system remained unaffected. '
'Compromised information includes names, telephone numbers, '
'email addresses, dates of birth, customer numbers, and '
'salutations. Passwords and payment details may also have been '
'exposed, but customer accounts were not directly impacted.',
'impact': {'data_compromised': 'Names, telephone numbers, email addresses, '
'dates of birth, customer numbers, '
'salutations, passwords (potential), payment '
'details (potential)',
'identity_theft_risk': 'Potential',
'payment_information_risk': 'Potential',
'systems_affected': 'IT service provider systems'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Lidl support websites'}],
'regulatory_compliance': {'regulatory_notifications': 'Relevant data '
'protection authority '
'notified'},
'response': {'communication_strategy': 'Notices posted on support websites, '
'customer advisories issued',
'containment_measures': 'IT service provider secured its systems',
'law_enforcement_notified': 'Police report filed',
'third_party_assistance': 'Forensic experts engaged'},
'threat_actor': 'Unidentified',
'title': 'Lidl Customer Data Stolen in IT Service Provider Breach',
'type': 'Data Breach'}