Grubhub suffers data breach through third-party provider

5 February 2025 2 minutes Author: Newsman

Food delivery service Grubhub reported that its customers, drivers and partners’ data was leaked through a compromise of a third-party service provider’s account. The incident may have compromised contact details, some payment information and hashed passwords.

The company said it detected unusual activity in its customer support system, which was associated with one of the third-party providers. Once the threat was detected, Grubhub immediately disabled access to the compromised account and terminated cooperation with that provider.

According to an official statement, the compromised data included:

  • names, email addresses and phone numbers of customers, restaurants and driver.
  • some payment card information (only the card type and the last four digits).
  • hashed passwords from the old system.

At the same time, the company assures that full card numbers, bank accounts, social security numbers and other sensitive data were not stolen.

According to cybersecurity analysts, this incident demonstrates the vulnerability of companies that rely on third-party providers. Experts suggest that data leaks by third parties are becoming more common and that companies should pay more attention to managing the risks of integration with partners.

Grubhub has taken steps to strengthen its cybersecurity, including updating all passwords, increasing anomaly monitoring and appointing external cybersecurity experts. However, this incident once again highlights that protecting against third-party attacks is one of the main challenges of modern cybersecurity.

Other related articles
News
Read more
Former Google engineer accused of stealing AI secrets for Chinese companies
Ding is accused of stealing trade secrets about artificial intelligence for the benefit of a Chinese company. According to the investigation, he stole more than 1,000 classified files about Google's hardware infrastructure and supercomputers for training AI models. He faces up to 15 years in prison for economic espionage. The case is being investigated as part of the Biden administration's technological espionage task force.
32
News
Read more
New US tariffs force USPS to stop accepting packages from China and Hong Kong
The USPS is currently in the process of implementing new tariffs. This restriction will affect customers of Temu, Shein and other Chinese e-commerce platforms. The US Customs Service explained that this is due to the increasing flow of small packages, which makes it difficult to control smuggling. It is currently unknown how long this ban will be in effect.
29
News
Read more
Australia imposes sanctions on extremist network Terrorgram
Australia has imposed sanctions on Terrorgram Collective, a neo-Nazi group that spreads extremist ideas through Telegram. The decision makes any support for the network illegal and carries a maximum penalty of 10 years in prison. Terrorgram was previously designated a terrorist organization by the United States and the United Kingdom.
30
Found an error?
If you find an error, take a screenshot and send it to the bot.