The DoorDash food delivery service just announced a major data security incident that may affect millions of their customers, their own drivers, and participating restaurants.
The DoorDash security breach was first discovered earlier this month, but the actual incident occurred on May 4, 2019, when an unidentified third party accessed the information. DoorDash is still investigating the incident and urges customers to change their passwords as a precaution.
DoorDash asserts that anyone who signed up for their service after April 5, 2018, will not be affected, based on the data that was accessed.
The information that was compromised during the security breach includes:
- Customer data for approximately 4.9 million people, including names, email addresses, delivery addresses, phone numbers, order history, and partial passwords. Partial views of customers' credit card account numbers (the last four digits) were also viewed. Full credit card numbers and security codes for cards were NOT accessed.
- Driver's license numbers for up to 100,000 DoorDash delivery personnel.
- The last four digits of bank account numbers for an undisclosed number of DoorDash delivery personnel and partner restaurants.
According to DoorDash, the partial bank account numbers and credit card numbers are not enough information to be used for incurring fraudulent charges. They are, however, suggesting that users log in and change their passwords.
DoorDash is working on contacting affected users individually with this information, so keep an eye out for an email from them if you joined the service before April 2018.
**All of the photos in this article are courtesy of the DoorDash Facebook page.
For more information about the security incident, head to the corporate blog and view the DoorDash announcement about the data breach. You can also give DoorDash a call at (855) 646-4683 to speak to someone directly.
Do you fall into the category of a potentially affected DoorDash customer, driver, or merchant? What precautions will you be taking to secure your financial information and watch for fraudulent charges? Let us know what you plan to do in the comments.