Lidl and EY both disclosed third-party support and service-provider data breaches

Lidl and EY both disclosed third-party support and service-provider data breaches

Lidl notified customers in Germany, Belgium, and the Netherlands that a breach at an external IT service provider exposed customer data stored in a separate file. The retailer said the incident did not affect its shopping platform or payment systems, but attackers were able to briefly access and steal some of the stored records. In a separate incident, Ernst & Young disclosed a breach involving a third-party support ticket system that contained client documents and tax-related information. Both cases highlight how vendors and service providers can become the weakest link even when the primary company has strong internal controls. This matters because the exposed information can still be used for phishing, fraud, or follow-on social engineering even without payment card data. The incidents reinforce the need to track third-party exposure as part of core security governance, not just procurement paperwork.

Sources

Leave a Reply

Your email address will not be published. Required fields are marked *


Post Comment