On Monday, Grubhub, the well-known online food delivery service, announced a data breach that compromised some customers’ contact details.

In an official statement, the company indicated that it detected “unusual activity in our system related to a third-party vendor assisting our Support Team,” prompting an investigation with forensic experts.

“Our findings revealed that the breach was initiated through an account associated with a third-party service provider who offered support for Grubhub,” the company explained in their statement.

To address the situation, Grubhub has modified passwords and enhanced the oversight of its internal systems.

“We are committed to maintaining the trust of our customers, merchants, and drivers,” the company added. “We are implementing significant measures to fortify our systems and are actively reinforcing our security protocols to avoid similar breaches in the future.”

Which data was breached?

Grubhub identified that the breach affected campus diners, merchants, and drivers who have engaged with their customer support. The following types of data were accessed:

• Names
• Email addresses
• Phone numbers
• Partial card information – card type and last four digits – for a “subset of campus diners”

“The unauthorized entity also accessed hashed passwords from a few legacy systems, and we proactively changed any passwords that we believed might be compromised,” the company mentioned.

Should Grubhub app users take any action?

Grubhub stated that the Grubhub Marketplace was not impacted and confirmed that sensitive data such as social security numbers, driver’s license numbers, complete payment card details, and merchant logins were secure.

Nevertheless, the company advises customers to create distinct passwords for their accounts.

Taylor Ardrey is a news reporter.