DoorDash has disclosed a cybersecurity incident where unauthorized actors gained access to user contact information following a social engineering attack targeting a company employee.
The food delivery platform confirmed that personal data was compromised. However, it highlighted that no sensitive financial or government-issued identification information was accessed.
On October 25, 2025, DoorDash identified unauthorized third-party access to its systems resulting from a social engineering scam targeting an employee.
The company’s security team quickly detected the intrusion, terminated the unauthorized access, and launched an investigation into the incident.
Law enforcement authorities have been notified and are conducting an ongoing investigation. The breach affected user contact information, which varied by individual.
Exposed data may have included first and last names, phone numbers, email addresses, and physical addresses. DoorDash stated that no sensitive information was accessed during the incident.
Notably, Social Security numbers, government-issued identification numbers, driver’s license details, and bank or payment card information remained secure.
DoorDash reported no evidence that the stolen data had been misused for fraud or identity theft purposes. DoorDash has implemented multiple security enhancements following the breach.
The company deployed upgraded security systems designed to detect and prevent similar malicious activities.
Additional employee training programs focusing on social engineering awareness have been introduced to strengthen defenses against future attacks.
An external cybersecurity firm was brought in to support the investigation and provide specialized expertise. DoorDash focused on its commitment to continuous security improvement and protecting user privacy.
DoorDash tells affected users to be careful about unexpected messages that ask for personal information.
Users should avoid clicking unsafe links or downloading attachments from unknown sources and refrain from sharing personal data on unfamiliar websites.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
