Data Breaches
โ Breach overview
Lidl Digital International GmbH & Co. KG is part of Lidl, a German discount supermarket chain that operates internationally, including in Germany, Belgium, and the Netherlands.
Key Takeaways
- On July 13, 2026, customer numbers, dates of birth, email addresses, names, phone numbers, and salutations of an undisclosed number of online-shop customers were exposed due to a hack at an IT service provider.
- This incident is part of a pattern of data exposures affecting the retail sector in 2026.
- Affected individuals should be vigilant about phishing attempts and other scams that could use their exposed personal details.
Breach Overview
Lidl Digital International GmbH & Co. KG confirmed that customer data from its online shop was stolen. The exposed information includes customer numbers, dates of birth, email addresses, names, phone numbers, and salutations. This data belonged to online-shop customers in Germany, Belgium, and the Netherlands. The company stated that no passwords, billing or delivery addresses, bank details, or other payment information were affected. The number of affected customers was not disclosed. The company has publicly acknowledged the incident.
Exposed Data
Timeline & Cause
The data exposure occurred on July 13, 2026, and was disclosed on the same day. The incident happened due to a hack at one of Lidl's IT service providers. Attackers briefly gained access to a separately stored file of customer data and exfiltrated part of it. Lidl's online shop systems themselves were not compromised.
Next Steps
The exposed data, including names, email addresses, phone numbers, and dates of birth, could be used by attackers for targeted phishing emails, scam calls, or identity theft attempts. You should be suspicious of any unsolicited communications that appear to come from Lidl or other companies, especially if they ask for additional personal information or login credentials. Do not click on suspicious links or download attachments from unknown senders. Be wary of calls asking for personal details or financial information. Lidl has not provided specific remediation guidance such as a fraud hotline or credit monitoring offers, but they did notify data protection authorities in the Netherlands and Belgium, and the affected service provider filed a police report and engaged forensic investigators.