Lidl warns customers of its online store after a security incident that exposed basic personal data

Lidl warns customers of its online store after a security incident that exposed basic personal data

You already know that cyber attacks on large companies are the order of the day and, in most cases, they involve the leak of user data. Today, Lidl has communicated to customers of its online store a computer security incident which has affected some of the personal data stored by one of its IT service providers. The company explains that the unauthorized access occurred on a file stored separately from the online store’s main system, from which unidentified people managed to steal part of the information contained therein.

According to the notification sent to those affected, the compromised data includes name and surname, title, telephone number, email, date of birth and customer number. Lidl maintains that, for the moment, it can rule out that the incident affected passwords, billing or shipping addresses, bank details or other payment information. The company also notes that the customer account has not been compromised.

The chain indicates that it was informed of the problem earlier this week and that, after learning what happened, the supplier involved activated measures to restore security to affected systems. Additionally, a criminal complaint has been filed and a forensic investigation has been commissioned to clarify the extent of the access and the circumstances of the data theft. Lidl adds that the incident has already been reported to the Spanish Data Protection Agency.

Lidl asks for caution against possible fraudulent emails or messages

Although the company states that it is not aware of any specific misuse of the stolen information at this time, it has warned customers of a possible increase in phishing or spoofing attempts. The main risk in such a case does not usually involve direct access to the account, but rather the use of basic personal data to construct more credible messages and deceive the user with emails, SMS or calls that appear to be legitimate communications.

For this reason, Lidl recommends taking extreme caution with unexpected messages, always checking the authenticity of the sender and avoiding clicking on unknown links or providing additional information if there is any doubt about the origin of the communication. The company has also enabled a specific email address to answer questions related to this incident.

For now, Lidl has not detailed how many customers have been affected or whether the incident impacts only Spain or other markets. The most important thing for those affected is to be alert to possible abuses derived from the exposed data. Likewise, the supermarket chain urges its customers to send their questions to management. data.shop@lidl.es.