- Grubhub confirms data breach exposing personal information of customers, merchants, and drivers, linked to a third-party service provider.
- Compromised data includes names, email addresses, phone numbers, partial payment card details, and hashed passwords for legacy systems.
- Grubhub terminated access to the unauthorized account and removed the service provider, but has not disclosed the number of affected individuals or the timing of the breach.
Grubhub has confirmed a data breach that exposed the personal information of customers, merchants, and delivery drivers. The U.S.-based food delivery company detected unauthorized access to its systems and attributed the breach to a third-party service provider. The company has not disclosed how many individuals were affected.
The breach impacted users who engaged with Grubhub’s customer care service, including those using its Campus Dining feature, which allows university students to pay for food deliveries with meal credits. Hackers gained access to sensitive information such as names, email addresses, phone numbers, and partial payment card details, including the last four digits of card numbers for certain users. Additionally, hashed passwords for legacy systems were also compromised.
Upon detecting the breach, Grubhub launched an internal investigation and identified an unauthorized account linked to the third-party provider. The company swiftly terminated the account’s access and severed ties with the service provider to prevent further exposure. Despite the breach, Grubhub stated that more sensitive financial details, such as bank account information and Social Security numbers, were not compromised.
The timing of the incident remains unclear, as Grubhub has not provided details on when the breach occurred. The company also has not disclosed the exact number of affected individuals. The breach adds to the growing concerns over data security within the food delivery industry, which relies on vast amounts of customer and merchant information to operate efficiently.
Grubhub, acquired by Wonder Group last year for $650 million, continues to assess the full extent of the breach. The company has not yet responded to additional inquiries regarding the incident. As investigations continue, affected users are advised to monitor their accounts for any suspicious activity and update their login credentials as a precautionary measure.
