U.S. Delivery Platform Grubhub Confirms Data Breach Impacting Customers and Drivers

The leading delivery company, Grubhub, announced a data breach in their platform this Monday. Hackers gained access to sensitive information, but the company assured that the breach has been contained.

According to the official statement, the incident was related to a third-party contractor and unauthorized users got access to private information including names, emails, phone numbers, hashed passwords, and partial payment card details from drivers, merchants, and diners.

“We took immediate action to contain the situation and have worked with leading forensic experts to investigate the matter,” wrote the company. “We are confident that the incident has been fully contained.”

The company clarified that, according to its investigation—in partnership with a cybersecurity company—, hackers didn’t access full payment card numbers, bank account numbers, social security or license numbers, or Grubhub Marketplace customer passwords. However, the company did not specify how many accounts were affected.

According to TechCrunch, Grubhub’s platform operates in more than 4,000 cities in the United States and hosts over 375,000 merchant accounts and 200,000 delivery providers.

Grubhub said it took action by enhancing its monitoring strategies and strengthening security measures. They recommended users to create unique passwords to reduce risks in the future.

“We remain dedicated to protecting the trust placed in us by our customers, merchants, and drivers,” concluded the company in the statement. “We have taken decisive steps to further secure our systems and are actively strengthening our security controls to prevent similar incidents in the future.”

Researchers from Wiz Research recently discovered a publicly accessible database from DeepSeek leaking sensitive information, including private chat history and secret keys.