A recent security breach at Grubhub has compromised the personal information of customers and delivery drivers, according to the company’s statement regarding an “incident” linked to a third-party contractor.
While the full extent of the breach has not been disclosed, the company acknowledged that sensitive information such as names, email addresses, phone numbers, and partial credit card numbers were involved.
Grubhub is confident that only a small portion of customers and drivers have been impacted.
We recently identified anomalous activity in our environment that was traced back to a third-party service provider for our Support Team. Once discovered, we initiated an investigation that uncovered unauthorized access to an account linked with this provider. We swiftly terminated the account’s access and removed the service provider from our systems.
The unauthorized individual gained access to contact details of campus diners, along with information of diners, merchants, and drivers who utilized our customer care services.
Moreover, the contractor was also able to access hashed versions of some passwords from our internal systems.
Currently, Grubhub, which is being sold by its parent company Just Eat for $650 million, has implemented three key measures in response to the incident:
- Engaged Forensic Experts: Collaborated with a third-party cybersecurity firm for a thorough investigation.
- Strengthened Credential Security: Updated all relevant passwords to thwart potential unauthorized access.
- Enhanced Monitoring: Introduced additional anomaly detection strategies across our internal services.
However, no identity theft protection has been offered to the affected individuals.
Photo by Rowan Freeman on Unsplash
: . More.
