DoorDash Reports Data Breach After Employee Targeted in Scam

DoorDash has announced a cybersecurity incident after an employee fell victim to a social engineering scam, allowing an unauthorized third party to access certain user information. The company says the breach was identified, access was shut down, and the matter was referred to law enforcement.

According to DoorDash, the data accessed varied by user but may have included names, phone numbers, email addresses, and physical addresses. The company emphasized that no sensitive information—such as Social Security numbers, driver’s license details, bank information, or payment card data—was compromised.

The breach affected a mix of DoorDash consumers, delivery drivers (“Dashers”), and merchants and they have notified affected DoorDash users where required. 

DoorDash says it has implemented new security enhancements, increased employee training around scams, and brought in an external firm to assist with the investigation.

The company says they have no indication to believe that the accessed information has been used for fraud or identity theft at this time.

A dedicated call center has been set up for questions related to the incident and is open Monday to Friday 6am-8pm PT and weekends 8am-5pm PT at +1-833-918-8030 (toll-free) for US residents. Callers are asked to use engagement number B155060 when calling.