Grubhub suffers data breach, personal details of users compromised
What's the story
US-based food delivery giant, Grubhub, has confirmed a major data breach. The company admitted that hackers broke into its internal systems and stole personal information of an undisclosed number of customers and drivers. The breach was initially detected when "unusual activity" was spotted within the company's network. It was traced back to a third-party service provider working with Grubhub.
Immediate action
Grubhub's response to data breach
Upon learning of the breach, Grubhub quickly launched an investigation and found that an account associated with the third-party service provider had been accessed without authorization. "We immediately terminated the account's access and removed the service provider from our systems altogether," the company said in a statement. This was done to prevent any further unauthorized access and safeguard user information.
Data compromised
Extent of information compromised in Grubhub breach
The Grubhub data breach gave hackers access to personal details of customers, merchants, and drivers who had interacted with its customer care service. Users of Grubhub's Campus Dining service were also affected by the security incident. The compromised information includes names, email addresses, phone numbers, and partial payment card details (last four digits of the card number) for some campus diners.
Uncompromised data
Grubhub clarifies on unaffected data
Along with the personal details, hashed passwords for some legacy systems were also accessed in the breach. However, Grubhub has assured that bank account details and Social Security numbers were not compromised in this incident. The company has not yet revealed how many people were affected by the breach.