On Thursday, the widely used meal delivery service, DoorDash stated that their system had a data breach. The breach reportedly afforded the hackers the information of an estimated 4.9 billion DoorDash customers. It was also indicated that delivery executives and restaurants might have had their information obtained as well.
On a blog post on the company’s website, it has been confirmed that an unauthorized, third-party service provider was able to access and obtain the data on May 4th. The information that is believed to have been leaked in the incident possibly includes the last four digits of customers credit cards as well as the last four digits of both restaurants and delivery executives bank accounts. It's suspected that additional data was obtained as well, possibly including names, emails, addresses, and phone numbers acquired by the hackers.
It is pretty much a given that as more and more businesses and company’s segue to the online realm, that data breaches will, unfortunately, become more and more commonplace. However, what makes the data breach with DoorDash different is the fact that an estimated 100,000 "dashers," those independent contractors who perform the deliveries for the meal service, appear to very well have had their personal driver's license numbers leaked in the breach.
There has been little additional information forthcoming from DoorDash, as the company has declined to comment on the incident, other than the basic information that was included in its blog post on Thursday. In that post, DoorDash stated that they “deeply regret the frustration and inconvenience” that its customers may be experiencing from the event.
When the meal service provider became aware, earlier this month, of “unusual activity involving a third-party service provider” earlier in the month. After initiating an internal investigation, as well as blocking an authorized user, the company stated it had increased the security around its data by way of additional layers as well as consulting with outside security experts.
The meal delivery service company, based in San Francisco learned of the data breach earlier this month. They have since stated that the investigation into the incident is on-going. DoorDash has said that those customers who joined after April 15th, 2018 were not impacted by the breach. And those that were included in the breach can rest assured that there was not information taken from the accounts that would be sufficient to complete any unauthorized, fraudulent charges.
With that said, DoorDash has been reaching out to all those parties that were affected by the breach and encouraging them to reset all of their account passwords.
So, what’s the verdict—you decide.
Did DoorDash fail to take the necessary steps to protect their independent contractors and customers personal information?