Grubhub has disclosed a data breach stemming from a security incident involving a third-party service provider. The breach resulted in unauthorized access to certain user contact information, including names, email addresses, and phone numbers, as well as partial payment card details for some campus diners. The company took immediate action to contain the breach, terminated the affected vendor's access, and launched an investigation with forensic experts.
Founded in 2004 and headquartered in Chicago, Grubhub is one of the largest online food ordering and delivery platforms in the United States. The company connects diners with local restaurants through its marketplace, offering services in thousands of cities. It also partners with campuses, merchants, and independent drivers to facilitate food deliveries.
The incident was discovered after Grubhub detected unusual activity within its systems, which was traced back to a third-party contractor providing support services. Upon further investigation, the company identified unauthorized access to an account associated with the provider. In response, Grubhub promptly revoked the account’s access and severed ties with the vendor to mitigate further risks.
According to Grubhub, the compromised data varied by individual but included contact details for campus diners, merchants, and drivers who interacted with the company’s customer care service. In addition, for a subset of campus diners, the breach exposed partial payment card information, specifically the card type and the last four digits of card numbers. The incident also involved access to hashed passwords from certain legacy systems, prompting the company to rotate all potentially affected credentials as a precaution. However, Grubhub confirmed that no passwords related to Grubhub Marketplace accounts were accessed.
The company reassured users that more sensitive information—such as full payment card numbers, bank details, Social Security numbers, and merchant login credentials—was not compromised in the breach.
In response to the breach, Grubhub implemented several security measures to prevent future incidents. The firm engaged forensic experts to conduct a thorough investigation and assess potential risks, rotated all relevant passwords to block unauthorized access, and deployed advanced anomaly detection tools across internal services.
While the company believes the situation has been fully contained, it encourages users to practice good cybersecurity habits, such as using unique passwords and remaining vigilant against potential phishing attempts.
Google Fixes Zero-Day Flaw Exploited in Targeted Android Attacks
Leave a Reply