Why You Can Trust CNET Money

The editorial content on this page is based solely on objective, independent assessments by our writers and is not influenced by advertising or partnerships. It has not been provided or commissioned by any third party. However, we may receive compensation when you click on links to products or services offered by our partners. Review CNET's ethics statement.

Was Your Personal Data Exposed in the Grubhub Data Breach? Here's How to Protect Yourself

If you use the online food delivery service, there are a few steps you can take.

Danni Santana Former Staff Editor
Danni Santana spent nine years as an editor and business journalist covering industries including sports, retail, restaurants, and personal finance. He is a graduate of the Craig Newmark Graduate School of Journalism at CUNY. His biggest loves outside of the newsroom are running, cooking, playing video games and collecting sneakers.

Grubhub recently suffered a data breach, exposing the personal data of diners, college students in the delivery service's Campus Dining program, merchants and drivers, the online food delivery service said earlier this week. 

The source of the breach was traced to a third-party service provider for Grubhub's customer service team. The unauthorized party accessed names, email addresses, phone numbers, card types and the last four digits of payment cards.

"Upon discovery, we promptly launched an investigation, identifying unauthorized access to an account associated with this provider," the company said. "We immediately terminated the account's access and removed the service provider from our systems altogether."

Grubhub's internal investigation found that customer passwords were not affected by this breach, but some hashed passwords were. Hashed passwords are strings of seemingly random characters, derived from the real passwords by a one-way function, that companies store on their servers in place of the passwords themselves.

The food delivery company confirmed on its website that the hacker did not gain access to merchant login information, bank account details, Social Security numbers, full debit or credit card numbers or driver's license numbers. Grubhub did not immediately respond to CNET's request for further comment.

What can I do to protect myself after this breach?

It's unclear how many people were affected by the Grubhub breach. But if you use Grubhub and want to make sure you're protected, there are some steps you can take.

Request a new credit card (or update your virtual card)

Full credit card numbers weren't accessed in this breach, only the last four digits. Still, if you had a saved credit card in your account, it's a good idea to call your credit card company or bank and ask them to send you a new card in the mail. 

If you have a virtual credit card number saved in your account, we recommend deleting that number with your card issuer and requesting a new one.

Change your password

Despite only hashed passwords being exposed in the Grubhub breach, there's no harm in updating your password on your account. Remember to also update your passwords on other online accounts you use the same login information for. 

You should have a different password for every online account you create. If you find this too difficult, consider signing up for a password manager. 

Watch out for phishing attacks

Both email addresses and phone numbers were compromised in the Grubhub breach. With this information, cybercriminals can create phishing attacks aimed at stealing your sensitive information or your hard-earned cash.

