Grubhub reports cyberattack, data breach

Grubhub, a major U.S. food delivery platforms is reporting a data breach affecting its customers, merchants, and drivers.

The breach was discovered when Grubhub detected unusual activity in its network, which was traced to a third-party service provider. Grubhub terminated the provider's access and removed them from their systems.

The breach has impacted multiple user groups within the Grubhub ecosystem, including customers who interacted with customer care service, merchants, drivers, and users of Grubhub's Campus Dining service, which allows university students to use their meal credits for food delivery.

Exposed data includes:

• Names
• Email addresses
• Phone numbers
• Partial payment card information (last four digits) for some campus dining users
• Hashed passwords for certain legacy systems

The company has not diclosed the number of affected individuals or the nature of the attack. While the company has taken steps to address the immediate security concern by removing the compromised service provider, the full extent and impact of the breach are still being determined.