Overview
- DoorDash says an October 25 incident let an unauthorized party access names, email addresses, phone numbers, and physical addresses for some customers, Dashers, and merchants.
- The company reports no access to Social Security numbers, government IDs, driver’s license data, or bank and payment card information, and says there is no indication of fraud or identity theft so far.
- Access was revoked once detected, an investigation is underway with a third‑party forensic firm, and the matter has been referred to law enforcement.
- Notifications went out on November 13, drawing backlash over the delay and over language describing contact details as non‑sensitive, with at least one Canadian user signaling legal complaints.
- DoorDash cites new security enhancements, added employee social‑engineering training, and stronger authentication measures, while separately agreeing to an $18 million settlement with Chicago over earlier deceptive‑practice claims.