Grubhub recently suffered a data breach, exposing the personal data of diners, college students in the delivery service’s Campus Dining program, merchants and drivers, the online food delivery service said earlier this week.
The source of the breach was traced to a third-party service provider for Grubhub’s customer service team. The unauthorized party accessed names, email addresses, phone numbers, card types and the last four digits of payment cards.
“Upon discovery, we promptly launched an investigation, identifying unauthorized access to an account associated with this provider,” the company said. “We immediately terminated the account’s access and removed the service provider from our systems altogether.”
Grubhub’s internal investigation found that customer passwords were not affected by this breach, but some hashed passwords were. Hashed passwords are strings of random characters that mask real passwords saved on company servers.
The food delivery company confirmed on its website that the hacker did not gain access to merchant login information, bank account details, Social Security numbers, full debit or credit card numbers, bank account information or driver’s license numbers. Grubhub did not immediately respond to ‘s request for further comment.
What can I do to protect myself after this breach?
It’s unclear how many people were affected by the Grubhub breach. But if you use Grubhub and want to make sure you’re protected, there are some steps you can take.
Request a new credit card (or update your virtual card)
Full credit card numbers weren’t accessed in this breach, only the last four digits. Still, if you had a saved credit card in your account, it’s a good idea to call your credit card company or bank and ask them to send you a new card in the mail.
If you have a virtual credit card number saved in your account, we recommend deleting that number with your card issuer and requesting a new one.
Change your password
Despite only hashed passwords being exposed in the Grubhub breach, there’s no harm in updating your password on your account. Remember to also update your passwords on other online accounts you use the same login information for.
You should have a different password for every online account you create. If you find this too difficult, consider signing up for a password manager.
Watch out for phishing attacks
Both email addresses and phone numbers were compromised in the Grubhub breach. With this information, cybercriminals can create phishing attacks aimed at stealing your sensitive information or your hard earned cash.
Keep your sensitive data safe with identity theft protection.
