Food delivery is becoming increasingly popular, but here’s the delivery of bad news for users of one popular company. DoorDash confirmed that it suffered a recent data breach. According to the company, the accessed information includes customer names, phone numbers, email addresses and physical addresses, but «no sensitive information» was obtained.
It’s unclear when exactly the breach occurred, but DoorDash released its statement on the incident on Nov. 13.
Don’t miss any of our unbiased tech content and lab-based reviews. Add CNET as a preferred Google source.
How did the data breach occur?
DoorDash stated that an employee with the company «was recently targeted in a social engineering scam.» Information on delivery drivers and customers was exposed.
After discovering the scam, the company’s response team removed access from the unauthorized party and reported the incident to law enforcement. DoorDash has since «implemented additional training and awareness for our employees around various social engineering scams,» the company says.
Is my credit card information at risk?
According to DoorDash, the criminals didn’t access bank or payment card information, but they did get customer names, phone numbers, email addresses and physical addresses.
DoorDash also stated that the company improved its security systems to prevent a similar breach from occurring in the future.
I use DoorDash: What should I do?
The criminals don’t have your bank info, but might have your personal information. Be cautious of messages that may attempt to defraud you using those details.
«It is always a good idea to be cautious of unsolicited communications that ask for your personal information or refer you to a web page asking for personal information, and avoid clicking on links or downloading attachments from suspicious emails,» DoorDash said in its post.
Watch out for social-engineering scams
There’s something else we can learn from the DoorDash breach. While we don’t have a lot of details on how the employee was approached, the company says the person was targeted with social engineering. That could mean anything from the criminal pretending to be an IT person for the company, or a coworker needing information, to someone sending a malicious link disguised as something useful.
Stay alert to these scams. Look for red flags, such as strangers who claim they need information immediately, a link that doesn’t match the expected URL and people contacting you on social media channels they don’t typically use. Choose strong passwords and never share them.
Read more: The Scariest Online Threats in 2025, and How to Protect Your Privacy
Are data breaches common?
As you probably know if you’ve ever received a breach letter from a business, they’re not uncommon in our digital world. CNET previously reported that in 2024, companies had 3,158 data compromises.
