German discount retailer Lidl tells customers that a cyberattack on one of its IT service providers led to theft of some customer data. According to Lidl’s public notifications posted on its support websites, the company says it learned about the incident last week and subsequently informed customers in Germany, Belgium, and the Netherlands. In the notices, Lidl states that attackers briefly gained access to a separately stored file containing customer information, despite what it describes as high IT security standards. The company says the attackers stole some of the data from that file, but the reports provided do not specify which categories of personal information were taken or the size of the affected population. The outlets also describe the breach as involving a third-party or supplier environment rather than a direct compromise of Lidl systems. Lidl’s communications focus on alerting customers across multiple countries where its online services and customer relationships are used, and they direct customers to relevant information about the incident.