German discount supermarket chain Lidl has notified customers in Germany, Belgium, and the Netherlands that customer data was stolen after attackers breached one of its IT service providers.

In notices published on its support websites in Belgium and the Netherlands, Lidl said it was informed of the incident last week.
“Despite high IT security standards, unidentified individuals were briefly able to access a separately stored file containing customer data and steal some of it. The online shop system itself was not affected,” the company wrote.
According to Lidl, the stolen data includes customers’ names, telephone numbers, email addresses, dates of birth, customer numbers, and salutations.
Lidl warned that passwords, billing and delivery addresses, bank details, and other payment information may also have been compromised, although it stressed that customer accounts were not affected.
“Although we currently have no concrete evidence of data misuse, we are warning you as a precaution against possible phishing attempts or identity fraud,” it added.
Lidl said the affected IT service provider restored the security of its IT systems, filed a police report, and engaged IT forensic experts to investigate the incident. The company also notified the relevant data protection authority.
There are currently no additional details about who may be behind the attack.