DoorDash—DoorDash data breach exposed personal data of 4.9 million users, drivers, and merchants
In May 2019, DoorDash suffered a data breach via a third-party service provider that exposed personal information of approximately 4.9 million consumers, Dashers, and merchants who joined the platform before April 5, 2018. Exposed data included names, email addresses, delivery addresses, order history, phone numbers, hashed passwords, and the last four digits of payment cards. Driver's license numbers of approximately 100,000 Dashers were also compromised. DoorDash did not discover or disclose the breach until September 2019, more than four months after it occurred.
Scoring Impact
| Topic | Direction | Relevance | Contribution |
|---|---|---|---|
| Data Security | -against | primary | -1.00 |
| User Privacy | -against | secondary | -0.50 |
| Overall incident score = | -0.362 | ||
Score = avg(topic contributions) × significance (high ×1.5) × confidence (0.64)× agency (negligent ×0.5)
Evidence (2 signals)
DoorDash confirmed data breach affecting 4.9 million customers, workers, and merchants
DoorDash publicly confirmed a data breach on September 26, 2019, revealing that personal data of 4.9 million users was accessed through a third-party service provider on May 4, 2019. The company took over four months to detect and disclose the breach.
CNN reported DoorDash data breach affected 4.9 million people including driver's license numbers
CNN Business reported that the breach exposed names, email addresses, delivery addresses, order history, phone numbers, hashed passwords, and last four digits of payment cards. Driver's license numbers of approximately 100,000 Dashers were also compromised.