Food delivery firm DoorDash on Thursday announced that it has suffered a data breach affecting 4.9 million customers, employees and merchants. DoorDash spokesperson Mattie Magdovitz pointed the finger to a “third-party service provider,” but failed to name the offending firm.
On May 4 of this year, threat actors managed to steal a large dataset that did not include information on customers who signed up with the firm after April 5, 2018. The compromised data includes the last four digits of customer payment cards and the last four digits of bank account numbers of staff members and merchants. The hackers also stole the driver’s license data of about 100,000 delivery workers.
Magdovitz said that as soon as the company discovered the breach, it “launched an investigation and outside security experts were engaged to assess what occurred.” No explanation was given for why the company needed almost half a year to find out about the incident.
Read more: DoorDash confirms data breach affected 4.9 million customers, workers and merchants