Online food delivery service Grubhub had data from its customers, merchants, and drivers compromised following a cyberattack against a third-party support services provider, according to The Record, a news site by cybersecurity firm Recorded Future.Such a third-party breach not only led to the exposure of individuals' names, phone numbers, and email addresses, but also the exfiltration of some customers' partial credit card details and legacy systems' hashed credentials, said Grubhub in a statement. "Upon discovery, we promptly launched an investigation, identifying unauthorized access to an account associated with this provider. We immediately terminated the account’s access and removed the service provider from our systems altogether," noted Grubhub, which emphasized fully containing the incident while rotating all potentially impacted passwords. Grubhub's disclosure comes just over a month after the firm was ordered by the Federal Trade Commission to pay a $25 million fine to resolve charges related to delivery cost concealment and other deceptive practices.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds