DoorDash reports data breach after social engineering attack
Learn More
Food delivery platform DoorDash is reporting a data breach that occurred on October 25, 2025, marking the company's third major security incident since 2019.
The breach, which was detected by DoorDash's internal security team on the same day, was caused by a social engineering attack that compromised an employee's credentials, allowing an unauthorized third party to gain access to the company's internal systems and steal user contact information.
The breach affected customers, delivery drivers (known as "Dashers"), and merchant partners across DoorDash's operating regions, including the United States, Canada, Australia, and New Zealand. The exposed personal information includes:
- First and last names
- Physical addresses
- Phone numbers
- Email addresses
- Potentially Social Security Numbers (mentioned in an undated security advisory on the DoorDash website, though the company claims these were not accessed)
The number of affected individuals has not been disclosed by DoorDash. The company has only stated that "some users" were impacted.
DoorDash began notifying individuals on November 13, 2025. DoorDash has not offered identity theft monitoring or credit protection services to affected users, which is standard practice following data breaches of this nature.
