
German retailer Lidl is notifying customers of a data breach after cybercriminals gained unauthorized access to customer information via one of its third-party service providers.
According to Lidl, attackers briefly accessed a separately stored customer database belonging to its online shop. The company says the online shopping platform itself was not compromised and customer accounts remain secure.
The incident affects customers of Lidl's online stores in Germany, Belgium and the Netherlands.
According to Lidl's notification, the stolen data includes:
The company told BleepingComputer that it investigated and found customer passwords, payment information, billing and shipping addresses were not compromised, and customer accounts remain unaffected.
"We have currently no concrete evidence of data misuse. Nevertheless, as a precaution, we warned affected customers against possible phishing attempts or identity abuse," a Lidl spokesperson told BleepingComputer.
"It's important to note: The online shop's system itself was not affected. Passwords, billing and shipping addresses, bank details, or other payment information belonging to our customers are explicitly not affected. Customer accounts were not compromised."
While this is reassuring, the exposed personal information is still enough for cybercriminals to launch highly convincing scams.
Many people assume a breach only poses a threat if passwords or credit card numbers are stolen.
In reality, scammers often use names, email addresses, phone numbers and dates of birth to make phishing attacks look legitimate.
Imagine receiving an email from an entity that knows:
In those circumstances, a fake "order problem," "coupon," or "account verification" email suddenly looks much more believable. Criminals may also impersonate Lidl customer support or other brands by phone, email or SMS, hoping customers will reveal additional information or payment details.
Even though Lidl says it has no evidence that the stolen information has been misused, it’s important to stay alert. Consider changing your Lidl password as a precaution too, even if the retailer says customer passwords were not affected. Using a unique password for every account helps limit the impact of future security incidents.
Be especially cautious if you receive:
If a message seeks to create a sense of urgency or asks you to act immediately, stop and verify it through Lidl's official website or customer support instead of using links included in the message.
Data breaches are often followed by waves of phishing emails, scam text messages, and fake websites designed to exploit worried customers.
Bitdefender Scamio can help you analyze suspicious emails, text messages, screenshots, QR codes, or links to determine whether they're part of a scam before you interact with them.
Before clicking on any link claiming to come from Lidl, you can also use Bitdefender Link Checker to verify whether the website is legitimate or potentially malicious.
If your personal information has been exposed in a breach, Bitdefender Digital Identity Protection continuously monitors your digital footprint, alerts you if your data appears in future breaches, and helps you understand what information about you may already be circulating online.
tags
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
View all posts