Grubhub has confirmed that sensitive information from users, drivers, and merchants on the app have been compromised in a recent data breach.
As of February 3, the food delivery company was unclear just how widespread the breach was, but an investigation into the incident is ongoing.
“We recently identified a security incident involving a third-party contractor, resulting in unauthorized access to certain user contact information,” Grubhub said in a statement.
“We took immediate action to contain the situation and have worked with leading forensic experts to investigate the matter. We are confident that the incident has been fully contained.”
What consumers should know
So far, Grubhub has learned that three primary groups have been exposed to the data breach: Grubhub users, Grubhub drivers, and retailers on the Grubhub platform.
The initial investigation found that the compromised data includes: names, email addresses, phone numbers, and partial credit card information, including the last four digits of the card and the type of credit card. Grubhub said that each individual involved in the breach may have all or some combination of these factors stolen.
Additionally, Grubhub has also confirmed that other sensitive information has remained untouched through the breach:
Grubhub users’ passwords
Retailers’ login information
Full credit card numbers
Bank account details
Social Security or driver’s license numbers
Grubhub is conducting an ongoing investigation following the data breach, and has instituted tighter security measures and greater security monitoring across its platform.
“We remain dedicated to protecting the trust placed in us by our customers, merchants, and drivers,” Grubhub said in its statement. “ We have taken decisive steps to further secure our systems and are actively strengthening our security controls to prevent similar incidents in the future.”