DoorDash says data breach at third-party vendor exposes personal data of customers and employees
Malicious actors gained personally identifiable information of both customers and workers of DoorDash, the US food delivery platform revealed in a statement on Aug. 25.
The data breach occurred after a third-party vendor fell victim to a phishing attack that let hackers steal employee credentials and access internal tools, according to the statement.
“We recently became aware that a third-party vendor was the target of a sophisticated phishing campaign and that certain personal information maintained by DoorDash was affected,” the notice reads.
Personal information exposed
In the data breach notice, DoorDash didn’t disclose the number of impacted customers. The company, however, has disclosed the type of customer and employee information exposed, and this includes:
- names, email addresses, delivery addresses and phone numbers of customers
- basic order information and partial payment card information, such as card type and four last digits of the card number for a smaller set of consumers
- names, phone numbers and email addresses of delivery drivers
“Based on our investigation to date, the information accessed by the unauthorized party did not include passwords, full payment card numbers, bank account numbers, or Social Security or Social Insurance numbers,” DoorDash added.
The company also said it has seen no evidence of the misuse of the exposed personal data, such as identity theft or fraud.
In response to the data breach, DoorDash said it immediately cut off the link with the third-party vendor and that it’s working on enhancing security of their internal and third-party vendors’ security systems. The company also said it's working alongside police to find the culprits.
DoorDash customers are urged to remain vigilant for unsolicited emails, texts or phone calls asking for personal info, and to never click or download attachments for unsolicited correspondence.
Fight off data breaches with Bitdefender Digital Identity Protection
Bitdefender Digital Identity Protection continuously monitors your personal information, alerting you in real time in case of data breaches and leaks. This lets you immediately change your passwords and secure your accounts to prevent financial loss or even social media impersonation, which can ruin your reputation.
Managing your digital footprint has never been easier. With our dedicated privacy tool, you can:
· Discover the extent of your digital footprint
· Find out if your personal information was exposed in legal and illegal collections of data
· Benefit from 24/7 data breach monitoring for up to five email addresses
· Get instant alerts to new breaches and privacy threats
· Detect social media impersonators
How to monitor your online privacy during your Thanksgiving trip
November 22, 2022
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info
November 16, 2022
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be
November 14, 2022
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War
August 31, 2022
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor
August 30, 2022
What is medical identity theft and how to protect against it
July 27, 2022