ECNETNews has confirmed a significant data breach involving the food delivery service Grubhub, affecting both drivers and customers. The breach was reported on Monday, revealing that a malicious actor gained access to Grubhub’s systems through a compromised third-party vendor assisting Grubhub’s support team.
The unauthorized access allowed the hacker to extract sensitive information related to customers, merchants, and drivers who previously interacted with Grubhub’s customer service, with campus diners also impacted.
Grubhub disclosed that the nature of the data stolen varies for each individual affected. Hackers managed to obtain names, email addresses, and phone numbers, along with partial payment card information for some campus diners, including card type and the last four digits. Additionally, hashed passwords from certain legacy systems were accessed.
Details on the overall scale of the breach remain unclear. However, Grubhub reported that upon discovering the intrusion, they promptly removed access from the compromised account and severed ties with the affected service provider.
Importantly, Grubhub assured that customer and merchant login credentials, passwords, as well as full payment card numbers, bank account information, driver’s licenses, and social security numbers were not part of the breach.
