DoorDash data breach exposes customers’ personal, financial information

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

DoorDash data breach overview: 

• Who: DoorDash revealed that a data breach exposed the personal information of its drivers and an undisclosed amount of its customers. 
• Why: DoorDash says the data breach was the result of a third-party vendor phishing campaign and that no sensitive information was compromised. 
• Where: DoorDash is used by consumers nationwide. 

Online food ordering company DoorDash confirmed in a blog post last week that a data breach exposed the personal information of its customers. 

DoorDash revealed that personal information for an undisclosed amount of customers was exposed in the data breach, including phone numbers, names, email addresses and partial payment card numbers, among other things. 

“We recently became aware that a third-party vendor was the target of a sophisticated phishing campaign and that certain personal information maintained by DoorDash was affected,” the company says in the blog post. 

Drivers for DoorDash were also affected by the data breach with hackers able to access personal information including their names, phone numbers and email addresses, the company says. 

DoorDash reassured its customers, however, that no sensitive information was compromised in the data breach. 

“Based on our investigation to date, the information accessed by the unauthorized party did not include passwords, full payment card numbers, bank account numbers or Social Security or Social Insurance numbers,” DoorDash says. 

DoorDash data breach has not led to identity theft, fraud, company says

DoorDash also says it has “no reason to believe” that any of the exposed personal information has “been misused for fraud or identity theft at this time.” 

The DoorDash data breach occurred after the employee of a third-party vendor had their account credentials stolen and then used to access the internal tools of DoorDash, according to the company. 

DoorDash did not reveal a timeline associated with the data breach, only that it had decided to fully investigate what had happened before choosing to disclose it to the public, TechCrunch reports. 

The company says it has taken several steps in response to the incident and to prevent future data breaches, including enhancing its security and working with security experts, among other things. 

“We value the trust we’ve built with each and every member of the DoorDash community, and protecting our platform and your personal information is a top priority for DoorDash. We sincerely regret that this attack occurred,” DoorDash says. 

In related DoorDash news, a consumer filed a class action lawsuit against DoorDash last month over claims the company charges a hidden delivery fee. 

Are you concerned your personal information may have been exposed in the DoorDash data breach? Let us know in the comments! 

Read About More Class Action Lawsuits & Class Action Settlements:

• Meta class action alleges company uses Meta Pixel for large-scale data collection
• Top mobile carriers including Verizon, AT&T, T-Mobile share data privacy practices
• Applebees, Chipotle, other restaurants face class action alleging automated voice ordering technology data privacy violations
• Coinbase class action claims company fails to prevent account hacks