Food delivery is becoming more and more popular, but here’s delivery of bad news for users of one popular company. DoorDash confirmed that it suffered a recent data breach. According to the company, the accessed information includes customer names, phone numbers, email addresses and physical addresses, but “no sensitive information” was obtained.
It’s unclear when exactly the breach occurred, but DoorDash released its statement on the incident on Nov. 13.
Don’t miss any of our unbiased tech content and lab-based reviews. Add CNET as a preferred Google source.
How did the data breach occur?
DoorDash stated that an employee with the company “was recently targeted in a social engineering scam.” Information for both delivery drivers and customers was exposed.
After discovering the scam, the company’s response team removed access from the unauthorized party and reported the incident to law enforcement. DoorDash has since “implemented additional training and awareness for our employees around various social engineering scams,” the company says.
Is my credit card information at risk?
According to DoorDash, the criminals didn’t access bank or payment card information, but they did get customer names, phone numbers, email addresses and physical addresses.
DoorDash also stated that the company improved its security systems to prevent a similar breach from occurring in the future.
I use DoorDash: What should I do?
The criminals don’t have your bank info, but might have your personal information. Keep an eye out for messages that may be trying to defraud you using those details.
“It is always a good idea to be cautious of unsolicited communications that ask for your personal information or refer you to a web page asking for personal information, and avoid clicking on links or downloading attachments from suspicious emails,” DoorDash said in its post.
Watch out for social-engineering scams
There’s something else we can learn from the DoorDash breach. While we don’t have a lot of details on how the employee was approached, the company says the person was targeted with social engineering. That could mean anything from the criminal pretending to be a IT person for the company or a coworker needing information to someone sending a malicious link disguised as something useful.
Stay alert to these scams. Look for red flags, like strangers who claim they need information right now, a link that doesn’t match up to the URL it should have, and people contacting you on social-media channels they don’t normally use. Choose strong passwords and never share them.
Read more: The Scariest Online Threats in 2025, and How to Protect Your Privacy
Are data breaches common?
As you know if you’ve ever received a breach letter from a business, they’re not uncommon in our digital world. CNET previously reported that in 2024, companies reported 3,158 data compromises.