Food delivery service DoorDash confirmed a data breach affecting 4.9 million customers and merchants took place in May and included general PII and partial payment card information.

The company learned in early September that a third-party vendor had been accessed on May 4, 2019 and was able to gain access to information including names, email addresses, delivery addresses, order history, phone numbers and hashed, salted passwords. Additionally, the driver’s license numbers of at least 100,000 Dashers were accessed and the last four digits of some customer credit cards were also exposed, but not the full number or CVV, DoorDash said.

Newer customers were not impacted by the breach. DoorDash said consumers, "Dashers," and merchants who joined on or before April 5, 2018, are affected, but those who joined after April 5, 2018 are not affected.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.