DoorDash confirms data breach exposing users’ phone numbers and addresses

DoorDash has confirmed a data breach that exposed personal information belonging to an undisclosed number of users, including names, email addresses, phone numbers and physical addresses. The company stated that although contact details were accessed, no sensitive information was compromised and it has found no evidence so far of the data being used for fraud or identity theft.

The breach has affected a combination of customers, delivery partners and merchants, according to the company’s disclosure. When asked to specify the number of people impacted, spokesperson Michelle Babin did not provide figures and instead shared a statement reiterating the key points outlined in the company’s blog post.

DoorDash reported that the incident stemmed from an employee falling victim to a social engineering attack. Once the breach was detected, the company disabled the attackers’ access, opened an internal investigation and notified law enforcement.

The company confirmed to TechCrunch that no Social Security numbers, government-issued IDs, driver’s licence details or bank and payment card information were accessed in the incident. DoorDash said that all affected users have now been informed.