DoorDash

DoorDash confirmed Nov. 23 that a social engineering attack on an employee allowed an unauthorized party to access basic contact information for some customers, delivery workers and merchants. The company says names, email addresses, phone numbers and physical addresses were exposed, but no SSNs, driver’s license data, or bank/payment card information, and reports no evidence of fraud so far; DoorDash says it cut off access, notified law enforcement, added security measures and hired an external cybersecurity firm while notifying affected users as required.