The popular food delivery service, DoorDash, uncovered “unusual activity” with a third-party vendor and found that some of its user data were breached.
Outside security experts confirmed to DoorDash that nearly 5 million consumers, independent contractor drivers, and retailers who used the platform on or before April 5, 2018, were affected by the breach. Data accessed could include profile information like names, email addresses, delivery addresses, order history, phone numbers, and some password information. Additionally, the last four digits of credit cards used by consumers were exposed, but not the entire card number.
Drivers and retailers on the platform also had the last four digits of their bank account number exposed, but the information is not sufficient to make any changes to an account. Approximately 100,000 drivers also had their drivers’ license numbers exposed in the breach.
DoorDash has taken steps to increase its overall security and has added additional layers of security to improve protocols around user data.
Using outside vendors within your business can open you up to different vulnerabilities that can lead to breaches and other security issues. When vetting vendors, establishing a baseline of security is a critical step to ensure your business, data, and customers are protected.