A security incident involving a third-party contractor has led to unauthorized access to certain user contact information, according to a recent announcement. The company acted swiftly to address the situation and collaborated with forensic experts to investigate the breach. They assured that the issue is now fully contained.
The unusual activity was detected within their environment and traced back to a third-party service provider for their Support Team. Upon discovery, an investigation was launched which identified unauthorized access to an account linked with this provider. Immediate actions were taken, including terminating the account's access and removing the service provider from their systems.
The accessed data included contact information of campus diners, as well as diners, merchants, and drivers who interacted with customer care services. The compromised data varied by individual but included names, email addresses, phone numbers, and partial payment card information for some campus diners (card type and last four digits). Hashed passwords for certain legacy systems were also accessed; consequently, passwords potentially at risk were rotated proactively. Although no Grubhub Marketplace account passwords were accessed, customers are encouraged to use unique passwords for safety.
The investigation confirmed that sensitive personal information such as Grubhub Marketplace customer passwords, merchant login details, full payment card numbers, bank account details, Social Security numbers or driver’s license numbers were not accessed.
The intrusion originated from an account belonging to a third-party service provider offering support services. In response to the incident and in efforts to bolster security measures:
- Forensic experts were engaged through a partnership with a cybersecurity firm.
- Credential security was strengthened by rotating all relevant passwords.
- Additional anomaly detection mechanisms were deployed across internal services.
The company emphasized its commitment to safeguarding customer trust by securing systems further and actively enhancing security controls against future incidents.