INDIANAPOLIS (WTHR) — DoorDash is notifying customers a third party may have stolen their data.
The food delivery company discovered the issue last month. An unauthorized third party accessed user data on May 4. Some customers, drivers and merchants who joined DoorDash prior to April 5, 2018 had their accounts affected.
Anyone who joined DoorDash after April 5, 2018 was not affected.
DoorDash said the data accessed included names, email addresses, delivery addresses, order history, and phone numbers. While full credit card numbers and CVV numbers weren't accessed, the party did access the last four digits of payment cards for some customers.
For drivers and merchants, the the last four digits of bank account numbers may have been accessed. In the case for all affected users, the information was not enough to make fraudulent card charges or bank withdrawals.
About 100,000 delivery drivers also had their driver's license numbers accessed.
DoorDash has since added additional security measures to improve its ability to identify and stop threats. The company suggested users reset passwords to be cautious.
Read more about the breach here.