Grubhub, an American online food delivery service, has confirmed a data breach that compromised the personal information of customers, merchants, and drivers. This incident highlights the ongoing challenges in securing sensitive data in the digital age.
The food delivery company released a statement on February 3, 2025, of an “unusual activity” detected in their environment which was traced back to a third-party service provider that supports Grubhub’s customer care operations. The compromised data includes names, email addresses, phone numbers, and partial payment card details (card type and last four digits) for a subset of campus diners.
The primary entities involved in this breach are Grubhub, the affected customers, merchants, and drivers, and the third-party service provider whose account was compromised.
In response to the breach, Grubhub immediately terminated the compromised account’s access and removed the third-party service provider from its systems. The company hired external forensic experts to assess the breach’s impact and ensure that no sensitive personal or financial data. The company also has rotated passwords for any accounts that may have been at risk and implemented enhanced anomaly detection mechanisms across its internal services.
#CyTech #CyTechNewsRoom #Cybersecurity #CISO #CISOWorkplace™ #CIM #SCRM #DataBreach #GrubHub
Leave a Reply