Lidl Data Breach Hits Germany, Belgium, the Netherlands

Lidl Data Breach Exposes Customer Details in Germany, Belgium, and the Netherlands

Lidl Data Breach Exposes Customer Details in Germany, Belgium, and the Netherlands

Lidl has warned online shop customers in Germany, Belgium, and the Netherlands after attackers stole personal data through a third-party IT provider. Image generated via Google’s Nano Banana 2

Lidl says attackers stole customer data in Germany, Belgium, and the Netherlands via a third-party provider, raising concerns about phishing and GDPR compliance.

Written By
Kezia Jungco
Kezia Jungco
Jul 14, 2026

Lidl customers in Germany, Belgium, and the Netherlands may want to check their inboxes after attackers stole personal data linked to the retailer’s online shops.

The incident involved an external IT service provider, where attackers accessed a separate file containing names, phone numbers, email addresses, dates of birth, and customer numbers. Lidl said passwords, payment details, bank information, and billing or delivery addresses were not exposed, but the stolen identity data could still help criminals create convincing phishing messages, impersonate the retailer, or attempt identity fraud.

The incident also raises fresh questions about third-party security controls and GDPR obligations for European companies that rely on outside vendors to handle customer information.

Attackers accessed a separate customer file

According to BleepingComputer, Lidl said that unknown attackers briefly accessed a separate file containing information belonging to online shop customers. The retailer said the online shop system itself remained unaffected and customer accounts were not compromised.

“Despite high IT security standards, unknown individuals briefly gained access to a separately stored file containing customer data, and part of the data was stolen from it,” Lidl said in a customer notification, according to BleepingComputer.

The stolen records included customers’ titles, first and last names, phone numbers, email addresses, dates of birth, and customer numbers.

Lidl said attackers did not obtain passwords, payment details, bank information, or billing and delivery addresses, according to TechRadar. The company has not disclosed how many customers were affected or which service provider was involved.

RetailDetail noted that affected customers in Belgium and the Netherlands were contacted directly. Lidl also published notices on its support sites for customers using the online shops in those markets.

Phishing remains the clearest risk

The lack of exposed passwords and financial data reduces the immediate risk of account takeover or direct payment fraud. Still, the information taken could make scam messages look far more convincing.

Names, dates of birth, phone numbers, email addresses, and customer numbers could help criminals impersonate Lidl representatives and cite a supposed refund, delivery issue, account alert, or security check.

“We currently have no concrete evidence of data misuse. Nevertheless, as a precaution, we warned affected customers against possible phishing attempts or identity abuse,” a Lidl spokesperson told BleepingComputer.

Customers should avoid clicking links in unexpected Lidl-branded emails or text messages. Visiting Lidl’s official website or app directly is safer than responding to a message that requests login details, payment information, or urgent identity verification.

Advertisement

Must-read security coverage

The incident puts vendor security under scrutiny

The breach shows how customer risk can extend beyond a retailer’s own systems. European organizations remain responsible for assessing how external providers store, secure, and process personal information, especially when the data is subject to GDPR.

Separating the file from the main online shop may have helped contain the intrusion. The copied data still contained enough personal detail to enable targeted fraud, showing that segmentation limits damage but does not eliminate the need for strong vendor monitoring and access controls.

TechRadar said that the service provider restored its systems, filed a police report, and hired forensic specialists to investigate. Lidl also notified relevant privacy regulators, including the Dutch Data Protection Authority.

The remaining questions include how attackers gained access to the provider, how long they had access, and whether the stolen records have been shared or misused.

Until investigators provide more detail, affected customers should remain alert for personalised phishing attempts, while European businesses may want to review how much customer data their vendors hold and how quickly an incident would be detected.

Also read: Hackers claimed to have stolen 1.3 TB of data from Danish drugmaker Novo Nordisk, raising concerns about cyber risks across Europe’s healthcare sector.

Kezia Jungco

Kezia Jungco is a technology writer and researcher specializing in artificial intelligence, data analytics, CRM software, cloud infrastructure, cybersecurity, and emerging business technologies. With more than five years of experience evaluating software platforms and technology solutions, she helps business leaders understand the tools and trends shaping the future of work. Kezia has extensive hands-on experience testing and analyzing generative AI platforms, chatbots, natural language processing (NLP) tools, CRM systems, and business software. Her work focuses on translating complex technologies into practical insights that help organizations make informed decisions about technology adoption, operational efficiency, and digital transformation. As a staff writer for TechnologyAdvice, Kezia covers AI innovation, business applications of machine learning, data-driven technologies, cloud computing, cybersecurity, and sales technology. Her background in journalism, research, and education enables her to combine rigorous analysis with clear, accessible reporting for both enterprise and consumer audiences. Kezia holds a bachelor's degree in Development Communication with a major in Development Journalism from the University of the Philippines Los Baños. She has also completed professional training in artificial intelligence, data privacy, and information security. Her work has been featured in TechnologyAdvice, TechRepublic, eWeek, Datamation, and Selling Signals, where she helps readers navigate a rapidly evolving technology landscape with practical, research-driven guidance.