GrubHub Strengthens Security Systems Following Unauthorized Third-Party Access
A third-party service provider for GrubHub’s support team "recently" gained unauthorized access to contact information of people who interacted with customer care, the online food ordering platform announced Monday. Despite their transparency that a breach occurred, the release did not include information specifying the dates and times the unauthorized party had access to the personal information, nor how many of its customers were effected by the breach.
Sign up for a free preview to unlock the rest of this article
GrubHub said it "took immediate action to contain the situation and" has "worked with leading forensic experts to investigate the matter. We are confident that the incident has been fully contained.”
After identifying the breach, GrubHub terminated the vendor's access and removed it from the network, the company said. Data exposed during this incident includes names, emails and phone numbers as well as partial payment card information for some diners, said GrubHub. However, the company confirmed information such as social security numbers and bank account details were not accessed.
Following this breach, the company enlisted a third-party cybersecurity firm to conduct a comprehensive investigation. Moreover, GrubHub said it deployed additional mechanisms for detecting anomalies and changing relevant passwords to prevent further unauthorized access.
“We remain dedicated to protecting the trust placed in us by our customers, merchants, and drivers,” the company said. “We have taken decisive steps to further secure our systems and are actively strengthening our security controls to prevent similar incidents in the future.”