GrubHub reveals massive data breach - customers, drivers, businesses all affected, here's what we know

Third-party vendor incident puts GrubHub customers at risk. When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. GrubHub has confirmed suffering a ‘security incident’ involving a third-party contractor which resulted in the unauthorized access to a set of user contact information. The breach was detected after the firm noticed unusual activity within its environment, which it traced back to a third-party vendor that provides services for its Support Team. Once discovered, GrubHub reportedly launched an investigation and found unauthorized access to an account associated with the vendor.

The company says it took ‘immediate action’ to contain the situation and is now confident the incident is ‘fully contained’. The leaked data includes names, email addresses, phone numbers, and partial payment information for a group of users. It’s also believed the threat actor had access to hashed passwords for legacy systems. Following the incident, GrubHub said it enhanced its security by implementing enhanced monitoring services, as well as strengthening credential security and engaging forensic experts to complete a comprehensive investigation.

This incident proves just how crucial monitoring your systems and your vendors is for businesses of all sizes. Third-party data breaches have become a major security concern thanks to the vast number of vendors most firms will use, many of which are smaller companies with smaller cybersecurity budgets. “If you want to get into a big organization you go through [third-party vendors]. You go for the low hanging fruit. We've got 14,000 vendors globally providing everything from uniforms in retail branches to large scale data centers,” Standard Chartered Bank’s Benedict Peet told TechRadar Pro.

“You've got to have a scalable security questionnaire to ask them, but the risk is still the same, whether it's a mum and pop shop in the back streets of Seoul or it's at Atos Origin or someone like that.”. Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!. Data breaches put victims at risk of identity theft, so take a look at our choices for best identity theft protection if you're concerned you might be affected.

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content. Please logout and then login again, you will then be prompted to enter your display name.