DoorDash has confirmed a data breach affecting customers, delivery workers, and merchants. The breach occurred after a DoorDash employee was deceived in a social engineering scam, allowing hackers to access certain personal details. 

What Information Was Exposed

The following information may have been accessed: 

  • Names 
  • Email addresses 
  • Phone numbers 
  • Physical addresses 

DoorDash states that no sensitive financial or identity documents were taken: 

  • No credit card or bank information 
  • No driver’s licence data 
  • No passport or government ID numbers 
  • No tax or Social Security numbers 

DoorDash has not yet disclosed how many users were affected but reports no evidence of fraud or identity theft linked to the breach so far. 

Cybersecurity experts warn that contact information and addresses from this breach could be combined with data from other incidents to target individuals for further scams. This type of information can be used to: 

  • Open new financial accounts 
  • Apply for government services 
  • Run phishing or impersonation scams 

 

Recommended Actions

  1. Be cautious with emails, texts, and calls

Scammers may use stolen details to send convincing messages. 

  • Avoid clicking on suspicious links. 
  • Do not share personal or banking information in response to unsolicited requests. 
  1. Monitor your financial accounts

Check regularly for unfamiliar activity across: 

  • Bank accounts 
  • Credit cards 
  • Buy Now Pay Later services 

Enable real-time transaction alerts where available. 

  1. Consider placing a credit ban or using monitoring services

In Australia, you can request a free credit ban to prevent identity thieves from opening accounts in your name.
Credit bans can be placed with all major credit reporting bodies: 

  • Equifax 
  • illion 
  • Experian 

You can also use: 

  • Annual credit report checks 
  • Ongoing credit monitoring services 
  1. Check your MyGov and other government service accounts

Look for any unusual activity, particularly during the holiday season when scam activity tends to increase. 

 

If You Were Notified by DoorDash

If DoorDash has contacted you about your data being affected: 

  • Follow instructions provided directly through official DoorDash channels. 
  • Do not provide personal information through links or messages you cannot verify. 
  • If unsure whether a communication is legitimate, visit DoorDash’s official website and use the published contact details to confirm.