Food delivery is becoming more and more popular, but here’s some bad news for users of a popular company. PorteDash has confirmed that it recently suffered a data breach. According to the company, the information accessed includes customer names, phone numbers, email addresses and physical addresses, but “no sensitive information” was obtained.
It’s unclear exactly when the breach occurred, but DoorDash released its statement on the incident on November 13.
Don’t miss any of our unbiased technical content and lab reviews. Add CNET as your preferred Google source.
How did the data breach happen?
DoorDash said an employee of the company “was recently the target of a social engineering scam.” Information for delivery drivers and customers was presented.
After discovering the scam, the company’s response team removed the unauthorized party’s access and reported the incident to law enforcement. DoorDash has since “implemented additional training and awareness for our employees regarding various social engineering scams,” the company says.
Is my credit card information at risk?
According to DoorDash, the criminals did not access banking or payment card information, but they did obtain customers’ names, phone numbers, email addresses and physical addresses.
DoorDash also said the company has improved its security systems to prevent a similar breach from happening in the future.
I use DoorDash: what should I do?
Criminals don’t have your banking information, but could have your personal information. Keep an eye out for messages that might try to defraud you using this information.
“It is always a good idea to be wary of unsolicited communications that ask for your personal information or send you to a web page asking for personal information, and to avoid clicking on links or downloading attachments from suspicious emails,” DoorDash said in its post.
Beware of social engineering scams
There is something else we can learn from the DoorDash breach. While we don’t have many details on how the employee was approached, the company says the person was targeted with social engineering. This could mean anything from the criminal posing as a company IT worker or colleague in need of information to someone sending a malicious link disguised as something useful.
Stay alert for these scams. Look for red flags, like strangers claiming to need information right now, a link that isn’t the URL it should be, and people contacting you on social media they don’t normally use. Choose strong passwords and never share them.
Learn more: The Scariest Online Threats of 2025 and How to Protect Your Privacy
Are data breaches common?
As you know, if you have ever received a violation letter from a company, this is not uncommon in our digital world. CNET previously reported that in 2024companies reported 3,158 data compromises.
