Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
<p><br />
</p>
<div class="moz-forward-container"><br />
<br />
-------- Forwarded Message --------
Subject:
[Tech-VI] Grubhub security breach exposed customer and
driver data, says company
Resent-Date:
Tue, 04 Feb 2025 11:21:30 -0800
Resent-From:
Date:
Tue, 4 Feb 2025 19:21:27 +0000
From:
David Goldfield via groups.io
<david.goldfield=>
Reply-To:
To:
tv <>
<br />
<br />
<div dir="ltr">
<p>9to5Mac - Tuesday, February 4, 2025 at 8:38?AM</p>
Grubhub security breach exposed customer and driver data,
says company
<img src="https://9to5mac.com/wp-content/uploads/sites/6/2025/02/Grubhub-security-breach-exposed-customer-and-driver-data.jpg?quality=82&strip=all&w=1600" class="skip-lazy wp-post-image" alt="Grubhub security breach exposed customer and driver data | A food delivery rider on a scooter" data-unique-identifier=""/>
<p>A
Grubhub security breach has exposed personal data for
both customers and drivers, says the company, after an
“incident” involving a third-party contractor.</p>
<p>The company has not revealed the exact scale of the
security fail, but has admitted that the
personal data includes names, email addresses, phone
numbers, and partial credit card numbers …</p>
<span id="more-988797"></span>
<p>Grubhub says it believes that
only a limited subset of customers and drivers were affected.</p>
<p>We recently detected unusual activity within our
environment traced to a third-party service provider for our
Support Team. Upon discovery, we promptly launched an
investigation, identifying unauthorized access to an account
associated with this provider. We immediately terminated the
account’s access and removed the service provider from our
systems altogether.</p>
<p>The unauthorized individual accessed contact information of
campus diners, as well as diners, merchants and drivers who
interacted with our customer care service.</p>
<p>Additionally, it says the contractor obtained hashed versions
of passwords for some of its internal systems.</p>
<p>Grubhub, which is in the process of being sold by parent
company Just Eat for $650M, says it has taken three actions in
response to the breach:</p>
<strong>Engaged Forensic Experts:</strong> Partnered with
a third-party cybersecurity firm for a comprehensive
investigation.
<strong>Strengthened Credential Security:</strong> Rotated
all relevant passwords to prevent potential unauthorized
access.
<strong>Enhanced Monitoring:</strong> Deployed additional
anomaly detection mechanisms across internal services.
<p>It has not offered any identity theft protection to affected
users.</p>
<p><em>Photo by Rowan Freeman on Unsplash</em></p>
<p>https://9to5mac.com/2025/02/04/grubhub-security-breach-exposed-customer-and-driver-data-says-company/</p>
</div>
<br />
</div>