3 hours ago
4
A Grubhub security breach has exposed personal data for both customers and drivers, says the company, after an “incident” involving a third-party contractor.
The company has not revealed the exact scale of the security fail, but has admitted that the personal data includes names, email addresses, phone numbers, and partial credit card numbers …
Grubhub says it believes that only a limited subset of customers and drivers were affected.
We recently detected unusual activity within our environment traced to a third-party service provider for our Support Team. Upon discovery, we promptly launched an investigation, identifying unauthorized access to an account associated with this provider. We immediately terminated the account’s access and removed the service provider from our systems altogether.
The unauthorized individual accessed contact information of campus diners, as well as diners, merchants and drivers who interacted with our customer care service.
Additionally, it says the contractor obtained hashed versions of passwords for some of its internal systems.
Grubhub, which is in the process of being sold by parent company Just Eat for $650M, says it has taken three actions in response to the breach:
- Engaged Forensic Experts: Partnered with a third-party cybersecurity firm for a comprehensive investigation.
- Strengthened Credential Security: Rotated all relevant passwords to prevent potential unauthorized access.
- Enhanced Monitoring: Deployed additional anomaly detection mechanisms across internal services.
It has not offered any identity theft protection to affected users.
Photo by Rowan Freeman on Unsplash
FTC: We use income earning auto affiliate links. More.
English (US) ·