Doordash announced on September 26 2019, that it had suffered a data breach, exposing sensitive information of 4.9 million customers, merchants, and Doordash drivers. Doordash said the breach compromised names, email addresses, order histories, phone numbers, delivery addresses, and passwords. Some users also had partial credit card numbers stolen, and 100,000 Doordash drivers had their driver’s license number compromised, reports Wired.
How did the Doordash data breach occur?
Doordash said that in early September 2019, it became aware of “unusual activity” from a third-party service. Doordash says it hired “outside security experts” to figure out what happened, and they determined that a hacker had gained access to Doordash user data on May 4, 2019. Doordash says that it has added “additional protective security layers around the data,” after learning of the attack.
Am I affected by the Doordash data breach?
Doordash says that 4.9 million users were affected, but only users who joined before April 5, 2018. If you created your Doordash account after 4/5/2018, you were not impacted, according to Doordash.
Doordash says that it is reaching out directly to affected individuals. It did not say how (such as through email or through the Doordash app).
Doordash also says that to find out if you’re affected, you can call its “dedicated call center available 24/7 for support at 855–646–4683.”
What information was compromised in the Doordash breach?
Doordash says that different types of data were compromised for different categories of individuals. Depending on your category, the following data may have been stolen:
- Email address
- Delivery address
- History of Doordash orders
- Phone numbers
Although the passwords were “hashed,” Doordash recommends that users change their passwords by visiting www.doordash.com/accounts/password/reset.
- Last four digits of credit card or debit card
Dashers and Merchants
- Last four digits of bank account number
- Driver’s license number
Our Data Breach Lawyers
Our Data Breach Experience
Our attorneys recently won two prestigious awards for our work in data breach lawsuits. Eric Gibbs received a 2018 “MVP” award and 2019 CLAY award (“California Attorney: Lawyer of the Year”) for his work successfully representing data breach victims.
Our attorneys served in a court-appointed leadership role in the Anthem data breach class action, and helped achieve a $115 million settlement for victims of the Anthem data breach. The settlement received final approval from the court in August 2018.
Our data breach lawyers also currently serve in court-appointed leadership positions in the Equifax data breach lawsuit, Banner Health data breach lawsuit, and Excellus Health data breach lawsuit.