Summary: GrubHub reported a data breach affecting customer, merchant, and driver information due to an attack via a third-party service provider account. Although sensitive data such as passwords and financial information remained secure, attackers accessed names, email addresses, phone numbers, and partial payment card details. GrubHub is taking steps to enhance security measures and has terminated the compromised service provider’s access.
Affected: GrubHub, its customers, merchants, and delivery drivers
Keypoints :
- Attackers breached GrubHub’s systems using a third-party service provider account.
- Access included names, email addresses, phone numbers, and partial payment card information for some diners.
- No evidence found of access to sensitive financial information or account passwords.
- GrubHub has implemented additional security measures and terminated the compromised service provider’s access.