GrubHub Confirms Data Breach Affecting Customers and Drivers
GrubHub has disclosed a security breach that exposed customer contact details and partial payment information. The company confirmed on Monday that unauthorized access was detected, affecting users linked to its campus dining program, along with drivers, merchants, and customers who contacted its support team.
Exposed data includes names, email addresses, and phone numbers, as well as the last four digits and card type for some campus diners. Additionally, hashed passwords from older systems were accessed, though GrubHub states that critical information such as full passwords, bank account details, and Social Security numbers was not compromised. The breach stemmed from a third-party service account used in customer support, which has since been removed.
While GrubHub has reset affected passwords, users are advised to update their credentials as a precaution. Cybersecurity experts also recommend using password managers and removing stored payment information to reduce future risks.
As investigations continue, customers are urged to remain vigilant, with security professionals warning that breaches often reveal additional compromised data over time.