DoorDash is notifying users across its platform — including customers, Dashers and merchants — after confirming that a data breach occurred following what the company describes as a social engineering scam involving one of its employees.
In a statement released late last week, the San Francisco–based delivery giant said attackers manipulated an employee through a targeted scam, allowing unauthorized access to certain user information. However, as of Nov. 13, DoorDash reported no evidence that the exposed data has been used for fraud or identity theft.
The compromised information includes full names, phone numbers, email addresses and physical addresses. DoorDash emphasized that no Social Security numbers, government ID numbers, driver’s license details, or financial account information were involved in the breach. For context on how social engineering attacks work, readers can refer to the Cybersecurity & Infrastructure Security Agency, which offers guidance on these threats.
DoorDash confirmed it is actively investigating the incident and cooperating with law enforcement. The company also said it has implemented new security enhancements, expanded employee security training, and hired an external cybersecurity firm to assist in reviewing internal safeguards. Those wanting general information on data privacy regulations can explore the Federal Trade Commission website.
Users with questions or concerns regarding the breach can contact DoorDash directly at (833) 918-8030.
