SAN FRANCISCO (KRON) – In a statement released Thursday, the food delivery service DoorDash notified customers of a data breach which occurred on May 4, 2019
Noticed earlier this month, the company restricted access to a third-party service provider and immediately launched an investigation, consulting outside security experts to help determine what happened.
Roughly 4.9 million customers who signed up before April 5, 2018 have been compromised. Customers who signed up after the April date are not affected.
Data accessed includes profile information, the last four digits of credit cards, the last four digits of bank accounts and the driver’s license numbers for 100,000 drivers.
The company stresses that the financial information accessed is not sufficient enough to make fraudulent charges or withdraws. Full bank account or credit card numbers, and CVV numbers were not accessed. Any passwords that were accessed were scrambled and are indecipherable to third parties.
DoorDash has reached out to affected customers, has stepped up security and encourages everyone to change passwords out of caution.