Read more: Visit websiteGrubhub, the popular online food delivery platform, announced a data breach on Monday after a threat actor gained unauthorized access to some customer contact information.
The company said in a press release that it observed "unusual activity within our environment traced to a third-party service provider for our Support Team," which resulted in a probe using forensic experts.
"Our investigation found that the intrusion originated with an account belonging to a third-party service provider that provided support services to Grubhub," the company said in a statement.
In response to rectifying the matter, Grubhub changed passwords and improved the monitoring of its internal services.
"We remain dedicated to protecting the trust placed in us by our customers, merchants, and drivers," the company added. "We have taken decisive steps to further secure our systems and are actively strengthening our security controls to prevent similar incidents in the future."
According to Grubhub, those impacted were campus diners, merchants, and drivers who have communicated with their customer care service, and the following data was accessed:
"The unauthorized party also accessed hashed passwords for certain legacy systems, and we proactively rotated any passwords that we believed might have been at risk," the company said.
The company said that Grubhub Marketplace wasn't affected and noted that sensitive information, including social security, driver's license numbers, full payment card information, and merchant logins, were not accessed.
No comments:
Post a Comment