An outside vendor leaked Lidl shopper data.

Attackers breached a third-party database, not Lidl’s own platform, exposing customers in Germany, Belgium and the Netherlands.

Lidl has not named the contractor or said how many records were taken.

Sources: The Record