475/68 Wednesday, November 19, 2025
DoorDash, the major U.S. food-delivery platform, has disclosed a data breach affecting customers, delivery drivers (Dashers), and merchants after one of its employees fell victim to a social engineering attack, allowing unauthorized actors to access personal information. The incident was discovered on October 25, 2025, and DoorDash has begun notifying those affected. Exposed data includes names, addresses, email addresses, and phone numbers. The company confirmed that no sensitive information-such as Social Security numbers, driver’s license details, bank account information, or payment card data-was compromised, and there is currently no evidence that the exposed data has been misused.
After discovering the incident, DoorDash’s security team immediately cut off the attacker’s access, launched an investigation, and began working with law enforcement. The company also noted that the breach did not affect users of its affiliated brands, Wolt and Deliveroo. However, DoorDash has not disclosed the total number of affected individuals or specified which countries were impacted.
Since DoorDash operates in the United States, Canada, Australia, and New Zealand, users across multiple regions may potentially be affected. The company has set up separate customer support channels for U.S./Canadian users and international users to handle inquiries related to the incident.
Source https://www.securityweek.com/doordash-says-personal-information-stolen-in-data-breach/
