U.S. meals supply big Grubhub says hackers accessed the non-public particulars of shoppers and drivers after breaching its inside techniques.
Grubhub is a well-liked food-ordering and supply platform with over 375,000 retailers and 200,000 supply suppliers utilizing its platform in additional than 4,000 U.S. cities. New York-based Marvel Group acquired the corporate final fall in a deal valued at $650 million — a fraction of the $7.3 billion Simply Eat Takeaway paid for it again in 2020.
On Monday, the Illinois-based firm disclosed a data breach impacting the non-public knowledge of an undisclosed variety of prospects, retailers and drivers. Grubhub stated it detected “uncommon exercise” in its community which it traced to a third-party service supplier.
“Upon discovery, we promptly launched an investigation, figuring out unauthorized entry to an account related to this supplier,” Grubhub stated in a press release. “We instantly terminated the account’s entry and eliminated the service supplier from our techniques altogether.”
It stated the intrusion allowed unnamed hackers to entry the non-public particulars of shoppers, retailers and drivers who interacted with its buyer care service. The breach additionally affected customers of Grubhub’s Campus Eating service, which permits college college students to make use of their meal credit on the meals supply app.
In response to Grubhub private particulars accessed embrace names, e mail addresses, telephone numbers, and partial fee card data — together with the final 4 digits of the cardboard quantity — for a “subset” of campus diners. The hacker additionally accessed hashed passwords for sure legacy techniques, per Grubhub, however it added that checking account particulars and Social Safety numbers weren’t affected by the breach.
In addition to not disclosing what number of people have been affected by the breach Grubhub has not confirmed when the incident occurred.
The corporate didn’t instantly reply to information.killnetswitch’s questions.
