Grubhub Data Breach: Customer & Driver Data Affected

Grubhub Data Breach Exposes Customer and Driver Information

Grubhub, a leading U.S. food delivery service, has announced that unauthorized access to its internal systems resulted in a data breach impacting personal information belonging to both customers and delivery personnel.

Company Overview

Grubhub operates a widely-used food-ordering and delivery platform. It currently supports over 375,000 merchants and 200,000 delivery providers across more than 4,000 cities within the United States.

Last year, the company was acquired by New York-based Wonder Group in a transaction valued at $650 million. This figure represents a significant decrease from the $7.3 billion paid by Just Eat Takeaway in 2020.

Details of the Security Incident

The Illinois-based company revealed on Monday that a data breach had occurred, compromising the personal data of an unspecified number of customers, merchants, and drivers.

Grubhub detected suspicious activity within its network and traced the source to a third-party service provider. An investigation was immediately initiated.

“Upon detection of the unusual activity, we swiftly began an investigation,” Grubhub stated. “This investigation identified unauthorized access to an account belonging to this provider.”

The compromised account was immediately deactivated, and the service provider was completely removed from Grubhub’s systems.

Data Affected by the Breach

The unauthorized access allowed hackers to obtain personal details of individuals who had interacted with Grubhub’s customer care services.

Users of Grubhub’s Campus Dining service, which facilitates the use of university meal credits through the app, were also affected.

Compromised personal details include names, email addresses, phone numbers, and partial payment card information – specifically, the last four digits of the card number – for a portion of Campus Dining users.

Grubhub also reported that hashed passwords for some older systems were accessed. However, bank account details and Social Security numbers were not impacted by this breach.

Lack of Specificity

Grubhub has not disclosed the total number of individuals affected by the data breach. Furthermore, the company has not yet revealed when the incident initially took place.

A response to inquiries from TechCrunch was not immediately provided by the company.

Contact Information

Do you possess additional information regarding the Grubhub data breach? We are interested in hearing from you. Please contact Carly Page securely via Signal at +44 1536 853968 or through email at carly.page@techcrunch.com, using a non-work device.