A recent security breach at Grubhub has compromised personal information of both customers and delivery drivers, according to the company. This incident was linked to a third-party contractor.
While the company has not provided specifics on the extent of the data exposure, it has confirmed that the personal information includes names, email addresses, phone numbers, and partial credit card numbers.
Grubhub asserts that it believes only a small number of customers and drivers were impacted.
We have detected irregular activity in our system traced back to a third-party service provider for our Support Team. Upon identifying the issue, we initiated an investigation and discovered unauthorized access to an account related to this provider. We acted quickly to revoke access and have completely removed the service provider from our systems.
The unauthorized individual accessed the contact details of campus diners, along with merchants and drivers who utilized our customer care service.
Furthermore, it was noted that the contractor retrieved hashed versions of passwords from some internal systems.
As Grubhub prepares for a $650M sale by its parent company Just Eat, it has implemented three measures in response to the security breach:
- Engaged Forensic Experts: Collaborated with a cybersecurity firm for a thorough investigation.
- Strengthened Credential Security: Changed all relevant passwords to thwart any potential unauthorized access.
- Enhanced Monitoring: Implemented additional anomaly detection systems across internal services.
The company has not provided any identity theft protection services to those affected.
Photo by Rowan Freeman on Unsplash
FTC: We utilize income-generating auto affiliate links. More.
