Lidl Webshop Data Breach Exposes Customer Details
Aerial view of a Lidl supermarket entrance with its large logo and shopping carts.

Lidl Warns of Phishing Risk After Customer Data Theft

Lidl has warned webshop customers in the Netherlands, Belgium and Germany after personal information was stolen during a security incident involving an external technology provider. The Lidl webshop data breach exposed names, telephone numbers, email addresses, dates of birth and customer numbers.

The German supermarket group began sending warning emails to affected customers on 10 July 2026. It has not disclosed how many people were affected, and the company providing the technology services has not been identified.

Lidl said unknown parties briefly gained access to a separately stored file containing customer information at an external IT provider. Part of the information in that file was stolen before the affected systems were secured.

The exposed records may include a customer’s title or form of address, first and last name, telephone number, email address, date of birth and customer number. Reports indicate that European Lidl customers who received warning emails had registered with the company’s online shop.

Lidl said passwords, billing addresses, delivery addresses, bank details and other payment information were not included in the stolen customer information. Customer accounts were also not compromised, according to the company.

The company said the Lidl Online Shop itself was not breached. The unauthorised access occurred within systems operated by a technology service provider that processed or stored information on the retailer’s behalf.

Lidl has not explained how the intruders accessed the provider’s systems or identified the type of cyberattack involved. It has also not said when the intrusion began or how long the attackers retained access beyond describing it as brief.

The service provider took steps to restore the security of the affected systems after discovering the incident. Police were notified and digital forensic specialists were appointed to investigate how the breach happened and determine its full scope.

Lidl also reported the incident to the Dutch Data Protection Authority. The supermarket group said there was no concrete evidence that criminals had used the stolen information at the time customers were notified.

However, the combination of names, contact information, birth dates and customer numbers creates a risk of phishing and identity fraud. Criminals could use those details to make a fraudulent email, text message or telephone call appear more convincing.

A message that includes a customer’s real name, date of birth or Lidl customer number may appear more trustworthy than a generic scam. An attacker could pretend to represent Lidl, a delivery company, a bank or another organisation and ask the recipient to follow a link, provide a verification code or confirm payment information.

The Lidl customer data theft does not appear to require an automatic password reset because passwords and customer accounts were not exposed, according to the company’s current findings. Customers should nevertheless monitor their accounts and treat unexpected messages about orders, refunds, deliveries or security checks with caution.

Lidl has advised affected customers to verify the full address of anyone sending them an email. They should not click unfamiliar links or provide passwords, payment details, personal information or verification codes in response to an unexpected message.

Customers can reduce the risk of being redirected to a fraudulent website by opening the official Lidl website or app themselves instead of using a link contained in an email or text message. Anyone receiving a suspicious telephone call should end the call and contact the company through an official channel.

Dutch customers with questions about the incident can contact Lidl using the dedicated address [email protected]. Customers in other affected countries should use the contact details included in their notification email or published on their national Lidl website.

The disclosure comes as the Dutch Data Protection Authority reports an increase in cyber-related data breaches. Its annual report, released on 8 July 2026, recorded more than 39,000 breach notifications during 2025, compared with almost 38,000 in 2024.

About 2,400 of the reports submitted in 2025 involved cyberattacks, up from approximately 1,500 a year earlier. More than 1,700 were linked to account takeovers, compared with about 600 during 2024.

The regulator has also warned that artificial intelligence can help criminals produce more realistic and personalised phishing messages. Information taken during incidents such as the Lidl breach can give fraudsters the personal details needed to make those messages harder to recognise as scams.

The investigation into the external IT provider remains under way. The number of affected customers, the identity of the provider and the method used to access the file had not been made public as of 13 July 2026.

Photo credit: Lazy_Bear / Shutterstock.com

Sign up to receive FTNnews Newsletter

Subscribe to get the latest travel news by email

We don’t spam! Read our privacy policy for more info.

Search


Scroll to Top