DoorDash Confirms Data Breach Exposing Customer Information

American food delivery service DoorDash has begun notifying customers about a data breach in which unauthorised access to its internal network led to the theft of personal information.

 

DoorDash is an American technology company that runs an online food ordering and delivery platform. Through its app or website, customers can order from a wide range of restaurants, grocery stores, and other local businesses. Deliveries are fulfilled by independent contractors known as “Dashers.”

 

In a data security incident notice sent to affected customers, DoorDash said that on October 25, it identified an unauthorised access within its internal network. The food delivery platform immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

The investigation revealed that the threat actor accessed and stole the sensitive personal information of its customers. The compromised data included names, physical addresses, phone numbers and email addresses. 

 

While the company did not disclose how many people were impacted, security expert Troy Hunt estimates that approximately 367,500 accounts were affected.

 

“No sensitive information was accessed by the unauthorised third party and we have no indication that the data has been misused for fraud or identity theft at this time,” DoorDash said.

 

“We have already taken steps to respond to the incident, including deploying enhancements to our security systems, implementing additional training for our employees, bringing in a leading cybersecurity forensic firm to assist in our investigation of this issue, and notifying law enforcement for ongoing investigation,” the company added.

 

In August 2022, DoorDash revealed that an “unauthorised party” had accessed personal information belonging to some customers and drivers following a phishing attack on a third-party vendor.