<p>Une faille de sécurité chez Grubhub met en péril les données des clients et des chauffeurs, a déclaré l'entreprise.</p>

A security incident at Grubhub has exposed personal data of both customers and drivers, the company said, following an "incident" with a third-party vendor.

The company has not disclosed the exact extent of the security breach, but acknowledges that the affected personal data includes names, email addresses, phone numbers, and in some cases, partial credit card numbers …

Grubhub assumes that only a limited number of customers and drivers were affected.

Recently, unusual activity was detected in our environment, which could be traced back to a third-party vendor for our support team. After the discovery, we immediately launched an investigation and identified unauthorized access to an account of this provider. We immediately terminated access to the account and completely removed the provider from our systems.

The unauthorized access included contact information of food delivery personnel on campus as well as from suppliers, merchants, and drivers who have contacted our customer service.

In addition, it is said that the contractor received hashed versions of passwords for some of its internal systems.

Grubhub, which is being sold by parent company Just Eat for $650 million, says it has taken three measures in response to the incident:

• Engaged investigation experts: Collaboration with an external cybersecurity company for a comprehensive investigation.
• Improved authentication security: All relevant passwords have been updated to prevent potential unauthorized access. Last update: 2023-10-26 15:48:57 +0200
• Enhanced monitoring system: Additional anomaly detection systems have been implemented in all internal services.

It has not offered affected users any protection against identity theft.

Photo by Rowan Freeman on Unsplash