DoorDash has announced a data breach that compromised the personal information of an unspecified number of individuals. The exposed data includes names, email addresses, phone numbers, and physical addresses.
The company stated that despite the theft of phone numbers and physical addresses, no sensitive information was accessed by the unauthorized third party. DoorDash also indicated it has no evidence that the data has been misused for fraud or identity theft at this time.
The breach affected a combination of customers, delivery workers, and merchants. When asked about the exact number of users impacted, company spokesperson Michelle Babin did not provide a figure and instead released a statement that reiterated the company’s official blog post.
The security incident began when an employee fell for a social engineering attack. After identifying the breach, DoorDash shut down the hackers’ access to its systems, initiated an investigation, and reported the event to law enforcement.
DoorDash confirmed that Social Security numbers, other government-issued identification numbers, driver’s license information, and bank or payment card details were not stolen. The company has notified all users impacted by this breach.
This story has been updated to include the response from the DoorDash spokesperson.