Food delivery service DoorDash has confirmed it suffered a data breach in October 2025 where some personal customer information was accessed.
In an email to customers, which was shared on social media, the company confirmed the incident and indicated that names, phone numbers, physical addresses and email details were affected.
In response to the cybersecurity incident posted on the company’s website, it stated that there is no indication the data has been misused for fraud or identity theft at this time.
DoorDash detailed that an employee was targeted in a social engineering scam which led to the breach.
“The response team identified the incident, shut down the unauthorized party’s access, started an investigation and referred the matter to law enforcement,” the company said.
The company also noted that sensitive information, including Social Security numbers or other government-issued identification numbers, driver’s license information or bank or payment card information, was not accessed.
In response to the data breach, the company said it has deployed new enhancements to its security systems to help prevent and detect malicious activities of this nature.
Additional awareness training for employees relating to social engineering scams has also been issued.
The company brought in an external firm to assist in the investigation and provide specialized support. The matter has also been referred to law enforcement.
Wolt or Deliveroo customers have not been affected by the data breach. The two firms operated under the DoorDash umbrella.
This is DoorDash's third breach in the last six years, following incidents affecting 5 million users in 2019 and a third-party vendor compromise in 2022.
“For a platform handling millions of daily transactions and maintaining detailed delivery records for hundreds of millions of users, this pattern demands a fundamental security reassessment,” commented Kiran Chinnagangannagari, chief product and technology officer at Securin.
Image credit: T. Schneider / Shutterstock.com