Lidl warns customers after data breach

Alina BÎZGĂ

July 15, 2026

Lidl warns customers after data breach

German retailer Lidl is notifying customers of a data breach after cybercriminals gained unauthorized access to customer information via one of its third-party service providers.

Key takeaways

  • Lidl has disclosed a data breach affecting customers of its online shop in Germany, Belgium, and the Netherlands after one of its IT service providers was compromised.
  • Stolen data includes customer identifiers and other account details. The retailer says customer accounts and its online shop systems were not directly breached.
  • Lidl is urging customers to be alert for phishing emails, fake customer support messages, and identity fraud.
  • Even if your passwords or payment details weren't stolen, your personal information can still be valuable to scammers.

According to Lidl, attackers briefly accessed a separately stored customer database belonging to its online shop. The company says the online shopping platform itself was not compromised and customer accounts remain secure.

The incident affects customers of Lidl's online stores in Germany, Belgium and the Netherlands.

What information was exposed?

According to Lidl's notification, the stolen data includes:

  • Customer names
  • Email address
  • Telephone numbers
  • Date of birth
  • Customer number
  • Salutation

The company told BleepingComputer that it investigated and found customer passwords, payment information, billing and shipping addresses were not compromised, and customer accounts remain unaffected.

"We have currently no concrete evidence of data misuse. Nevertheless, as a precaution, we warned affected customers against possible phishing attempts or identity abuse," a Lidl spokesperson told BleepingComputer.

"It's important to note: The online shop's system itself was not affected. Passwords, billing and shipping addresses, bank details, or other payment information belonging to our customers are explicitly not affected. Customer accounts were not compromised."

While this is reassuring, the exposed personal information is still enough for cybercriminals to launch highly convincing scams.

Why this kind of data still matters

Many people assume a breach only poses a threat if passwords or credit card numbers are stolen.

In reality, scammers often use names, email addresses, phone numbers and dates of birth to make phishing attacks look legitimate.

Imagine receiving an email from an entity that knows:

  • Your full name
  • Your birthday
  • Your phone number
  • That you're a Lidl online customer

In those circumstances, a fake "order problem," "coupon," or "account verification" email suddenly looks much more believable. Criminals may also impersonate Lidl customer support or other brands by phone, email or SMS, hoping customers will reveal additional information or payment details.

What should Lidl customers do now?

Even though Lidl says it has no evidence that the stolen information has been misused, it’s important to stay alert. Consider changing your Lidl password as a precaution too, even if the retailer says customer passwords were not affected. Using a unique password for every account helps limit the impact of future security incidents.

Be especially cautious if you receive:

  • Emails asking you to verify your account
  • Text messages claiming there's an issue with an order
  • Unexpected phone calls from someone claiming to represent Lidl
  • Messages asking you to click a link or confirm payment information

If a message seeks to create a sense of urgency or asks you to act immediately, stop and verify it through Lidl's official website or customer support instead of using links included in the message.

How Bitdefender can help

Data breaches are often followed by waves of phishing emails, scam text messages, and fake websites designed to exploit worried customers.

Bitdefender Scamio can help you analyze suspicious emails, text messages, screenshots, QR codes, or links to determine whether they're part of a scam before you interact with them.

Before clicking on any link claiming to come from Lidl, you can also use Bitdefender Link Checker to verify whether the website is legitimate or potentially malicious.

If your personal information has been exposed in a breach, Bitdefender Digital Identity Protection continuously monitors your digital footprint, alerts you if your data appears in future breaches, and helps you understand what information about you may already be circulating online.

tags


Author


Alina BÎZGĂ

Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.

View all posts

You might also like

Bookmarks


loader