Meals supply firm Grubhub has confirmed that it suffered a safety breach, with consumer, driver, and service provider knowledge compromised, together with hashed passwords and partial bank card particulars.
Grubhub says that it seen “uncommon exercise” that it traced again to an account utilized by a third-party service supplier for its buyer help workforce. The account’s entry was terminated, and the service supplier faraway from Grubhub’s methods.
Earlier than the breach was detected, knowledge was accessed regarding clients, drivers, and retailers who had used Grubhub’s customer support system, together with pupil customers of its campus eating service. Names, e-mail addresses, and cellphone numbers had been accessed, together with partial bank card particulars together with the cardboard sort and final 4 digits, and hashed passwords for “sure legacy methods.”
Grubhub hasn’t disclosed when the breach occurred or what number of accounts had been accessed, but it surely says it has proactively rotated any passwords it believes had been affected. The corporate says that checking account data and full cost card particulars weren’t accessed.
Grubhub remains to be finalizing a sale from Simply Eat to meals corridor startup Surprise for $650 million. The deal was introduced in November 2024, and is predicted to shut within the first quarter of 2025.