U.S. meals supply big Grubhub says hackers accessed the non-public particulars of shoppers and drivers after breaching its inside programs.
Grubhub is a well-liked food-ordering and supply platform with over 375,000 retailers and 200,000 supply suppliers utilizing its platform in additional than 4,000 U.S. cities. New York-based Wonder Group acquired the corporate final fall in a deal valued at $650 million — a fraction of the $7.3 billion Just Eat Takeaway paid for it again in 2020.
On Monday, the Illinois-based firm disclosed an information breach impacting the non-public information of an undisclosed variety of prospects, retailers and drivers. Grubhub stated it detected “uncommon exercise” in its community which it traced to a third-party service supplier.
“Upon discovery, we promptly launched an investigation, figuring out unauthorized entry to an account related to this supplier,” Grubhub stated in an announcement. “We instantly terminated the account’s entry and eliminated the service supplier from our programs altogether.”
It stated the intrusion allowed unnamed hackers to entry the non-public particulars of shoppers, retailers and drivers who interacted with its buyer care service. The breach additionally affected customers of Grubhub’s Campus Dining service, which permits college college students to make use of their meal credit on the meals supply app.
According to Grubhub private particulars accessed embrace names, e mail addresses, cellphone numbers, and partial fee card info — together with the final 4 digits of the cardboard quantity — for a “subset” of campus diners. The hacker additionally accessed hashed passwords for sure legacy programs, per Grubhub, nevertheless it added that checking account particulars and Social Security numbers weren’t affected by the breach.
As nicely as not disclosing what number of people have been affected by the breach Grubhub has not confirmed when the incident occurred.
The firm didn’t instantly reply to TechCrunch’s questions.
