DoorDash Says Personal Information Stolen in Data Breach

Food delivery company DoorDash is notifying users, Dashers, and merchants of a recent data breach that led to personal information compromise.

The incident was discovered on October 25, the company says in the notifications sent to the impacted individuals, copies of which have been shared on social media.

The data breach was the result of a social engineering attack that targeted one of DoorDash’s employees, the company said in an incident notice on its website.

“The response team identified the incident, shut down the unauthorized party’s access, started an investigation, and referred the matter to law enforcement,” DoorDash says.

The attackers stole user information such as names, addresses, email addresses, and phone numbers. The compromised data pertains to customers, Dashers, and merchants, the company said.

“No sensitive information, such as Social Security numbers or other government-issued identification numbers, driver’s license information, or bank or payment card information, was accessed,” DoorDash says.

The company has no evidence that the stolen information has been misused for fraud or identity theft.

DoorDash said that no Wolt or Deliveroo customers have been impacted, and that it has notified the affected users where necessary.

Advertisement. Scroll to continue reading.

DoorDash has not shared the number of impacted individuals, nor did it say where the affected people are located.

The company operates in the US, Canada, Australia, and New Zealand, and it appears that users in all regions might have been affected, based on DoorDash telling users to direct any questions regarding the incident to its call centers, one for the US and Canada, and another for international callers.

SecurityWeek has emailed DoorDash for additional information on the incident and will update this article if the company responds.