Grubhub data breach overview:
- Who: Grubhub revealed a recent data breach exposed some users’ contact information and partial payment card numbers.
- Why: The company says the data breach resulted from unauthorized access to a third-party contractor’s system.
- Where: The Grubhub data breach affects consumers nationwide.
Grubhub revealed a recent data breach exposed the contact information and partial payment card numbers of some users.
The online food ordering and delivery marketplace says it recently detected unusual activity within its environment that was traced to a third-party service provider for its support team. After launching an investigation, Grubhub identified unauthorized access to an account associated with the provider.
“We immediately terminated the account’s access and removed the service provider from our systems altogether,” Grubhub says in a statement.
The unauthorized individual allegedly accessed the contact information of campus diners, as well as diners, merchants and drivers who interacted with Grubhub’s customer care service, according to the company.
Grubhub says the contact information exposed in the data breach varied by individual but included names, email addresses and phone numbers.
Grubhub says threat actor also accessed certain hashed passwords
The company says the unauthorized party also accessed hashed passwords for certain legacy systems and it proactively rotated any passwords it believed might have been at risk.
Grubhub also encouraged customers to use unique passwords to minimize risk; however, it says there was no evidence to show the threat actor accessed any passwords associated with the Grubhub Marketplace.
The company says its investigation confirmed the unauthorized party was not able to access Grubhub Marketplace customer passwords, merchant login information, full payment card numbers, bank account details or Social Security or driver’s license numbers.
Grubhub says it partnered with a third-party cybersecurity firm for a comprehensive investigation, rotated all relevant passwords to prevent potential unauthorized access and deployed additional anomaly detection mechanisms across internal services.
“We remain dedicated to protecting the trust placed in us by our customers, merchants and drivers,” the company says. “We have taken decisive steps to further secure our systems and are actively strengthening our security controls to prevent similar incidents in the future.”
Late last year, Grubhub agreed to pay $25 million and overhaul its business practices to end a federal investigation involving the Federal Trade Commission and the Office of the Illinois Attorney General.
Are you affected by the Grubhub data breach? Let us know in the comments.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
161 thoughts onGrubhub discloses data breach
California my info is being hacked to pay for orders on the dark web
I received something from grubhub stating my password was in a data breach
Ohio here.. add please