DoorDash announced on Thursday that a security breach revealed personal data of approximately 4.9 million customers, delivery workers, and merchants. The company said in a statement that the leaked information may include the driver’s license number of about 100,000 delivery workers. Other data may include name, email address, delivery address, order history, phone number, etc.
The company issue also a statement that the last four digits of some consumer payment cards may also be exposed, but it does not contain enough data to make fraudulent charges. The last four digits of the delivery account and the merchant’s bank account may have been accessed by others. But the company said the information was not sufficient for fraudulent withdrawals.
DoorDash indicates that other measures have been taken to protect the data stored in its system. According to the company, the leaked data is limited to customers, merchants and delivery personnel who joined the company’s platform on or before April 5, 2018.
DoorDash said that they were aware of the vulnerability earlier this month and confirmed on May 4 that “unauthorized third parties have accessed certain user data from DoorDash.” A spokesperson for DoorDash said the data breach involved a third-party service provider and is currently investigating.