DoorDash announced on September 26 2019, that it had suffered a data breach, exposing sensitive information of 4.9 million customers, merchants, and DoorDash drivers. DoorDash said the breach compromised names, email addresses, order histories, phone numbers, delivery addresses, and passwords. Some users also had partial credit card numbers stolen, and 100,000 DoorDash drivers had their driver’s license number compromised, reports Wired.
☝️ This is the general 800 number. If you change it, change the linked phone number too.
How did the DoorDash data breach occur?
DoorDash said that in early September 2019, it became aware of “unusual activity” from a third-party service. DoorDash says it hired “outside security experts” to figure out what happened, and they determined that a hacker had gained access to DoorDash user data on May 4, 2019. DoorDash says that it has added “additional protective security layers around the data,” after learning of the attack.
Am I affected by the DoorDash data breach?
DoorDash says that 4.9 million users were affected, but only users who joined before April 5, 2018. If you created your DoorDash account after 4/5/2018, you were not impacted, according to DoorDash.
DoorDash says that it is reaching out directly to affected individuals. It did not say how (such as through email or through the DoorDash app).
DoorDash also says that to find out if you’re affected, you can call its “dedicated call center available 24/7 for support at 855–646–4683.”
What information was compromised in the DoorDash breach?
DoorDash says that different types of data were compromised for different categories of individuals. Depending on your category, the following data may have been stolen:
Everyone
Name
Email address
Delivery address
History of DoorDash orders
Phone numbers
Passwords
Although the passwords were “hashed,” DoorDash recommends that users change their passwords by visiting www.doordash.com/accounts/password/reset.
Linda has recovered millions of dollars prosecuting fraud, breach of contract, and breach of fiduciary cases against large banks and insurance companies.
Jeff represents workers and consumers in complex class actions involving data breaches and privacy, employment law, and other corporate misconduct.
Our Data Breach Experience
Our attorneys recently won two prestigious awards for our work in data breach lawsuits. Eric Gibbs received a 2018 “MVP” award and 2019 CLAY award (“California Attorney: Lawyer of the Year”) for his work successfully representing data breach victims.
Our attorneys served in a court-appointed leadership role in the Anthem data breach class action, and helped achieve a $115 million settlement for victims of the Anthem data breach. The settlement received final approval from the court in August 2018.
Gibbs Mura is a California-based law firm committed to protecting the rights of clients nationwide who have been harmed by corporate misconduct. We represent individuals, whistleblowers, employees, and small businesses across the U.S. against the world’s largest corporations. Our award-winning lawyers have achieved landmark recoveries and billions of dollars for our clients in high-stakes class action and individual cases involving consumer protection, data breach, digital privacy, and federal and California employment lawsuits. Our attorneys have received numerous honors for their work, including “Top Plaintiff Lawyers in California,” “Top Class Action Attorneys Under 40,” “Consumer Protection MVP,” “Best Lawyers in America,” and “Top Cybersecurity/ Privacy Attorneys Under 40.”
