Another day, another data leak. This time it’s Grubhub. According to the company, a security breach has exposed personal data for customers and drivers, and this is due to an “incident” involving a third-party contractor.
While Grubhub has not mentioned how many people are involved in this security breach, it has admitted that personal data like names, email addresses, phone numbers, and partial credit card numbers were leaked. The company has stated that it believes only a limited subset of customers and drivers were affected. Grubhub says that while the “threat actor did not access any passwords associated with Grubhub Marketplace accounts, as always, we encourage customers to use unique passwords to minimize risk.”
Grubhub also says that the contractor obtained hashed versions of passwords for some of its internal systems. This is not a good look for Grubhub’s parent company Just Eat, who is currently in the process of selling Grubhub for around $650 million.
What’s Grubhub doing to protect your data?
Grubhub has said that they are doing three things in response to this data breach. First up, Engaging Forensic Experts. Grubhub has partnered with a third-party cybersecurity firm to for a comprehensive investigation. It has also strengthened credential security. Having changed all of its relevant passwords to prevent potential unauthorized access. And finally, it has enhanced monitoring. Grubhub has deployed additional anomaly detection mechanisms across internal services.
However, Grubhub has not yet offered any identity theft protection to affected users. Grubhub has more than 33 million users, so a small subset, as the company says, would be a fairly small number. But this is a good reason to change your password and use virtual credit card numbers or something like Apple Pay and Google Pay. That way it’s easier to change your credit card number if it does get leaked in a breach like this.
