Grubhub Data Breach Exposes Customer and Driver Information

Hackers accessed personal details through a third-party account, prompting Grubhub to enhance security measures and investigate the impact.

Grubhub confirmed that hackers accessed personal data, including names, email addresses, phone numbers, and partial credit card details, through a third-party service provider's account.
The breach also compromised hashed passwords for certain legacy systems, but full payment card details, Social Security numbers, and bank account information were not accessed.
The breach affected customers, drivers, merchants, and campus dining users who interacted with Grubhub's customer support platform.
Grubhub has terminated the third-party account, removed the service provider from its systems, and implemented additional security measures, including password rotations and enhanced anomaly detection.
The company has not disclosed the exact number of affected individuals or the specific timeline of the breach but continues to investigate the incident with external forensic experts.