DoorDash suffers another data breach: users’ contact information affected

Published: 14 November 2025
DoorDash breach

Users of DoorDash, a major American food delivery company, are receiving emails informing them of a potential cybersecurity breach that may affect their data.

DoorDash identified the cybersecurity incident on October 25th, 2025. According to the notices, an unauthorized third party gained access and stole “certain user contact information, which varied by individual.”

The company warns that the affected information may include first and last names, phone numbers, email addresses, and physical addresses.

ADVERTISEMENT

“Our investigation has since confirmed that your personal information was affected,” reads one of the emails, as shared by the users on X.

The company also assures recipients that no sensitive information was accessed by the unauthorized third party, and it has no indication that the data has been misused for fraud or identity theft at this time.

An additional customer support page appeared on the DoorDash website, where the company explains that one of its employees fell victim to a recent targeted social engineering scam.

“The response team identified the incident, shut down the unauthorized party’s access, started an investigation, and referred the matter to law enforcement,” the support page reads.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

The company did not provide an estimate of the incident's extent, only stating that “some users” were affected. DoorDash claims that no sensitive information was accessed, and the breach doesn’t affect Social Security numbers, government-issued identification numbers, driver’s license information, or bank or payment card information.

“This incident impacted a mix of consumers, Dashers, and merchants,” DoorDash said, and clarified that it is directly notifying affected users.

ADVERTISEMENT

This is not the first time DoorDash has suffered a major breach. In 2022, an unauthorized party also conducted a phishing attack on a third-party vendor to access personal details of some customers and drivers. In 2019, another data breach leaked the personal details of over 4.9 million users, workers, and merchants.

“At DoorDash, we believe in continuous improvement and getting 1% better every day. We are committed to protecting your privacy and have already increased training for our employees to help prevent social engineering scams, deployed new improvements to our security systems, enlisted the support of an external firm for specialized support, and referred the matter to law enforcement to help prevent events like this from happening again,” the firm said.

The company recommends that users be cautious of unsolicited communications that request their personal information and avoid clicking on links or downloading attachments from suspicious emails.

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT