GrubHub Data Breach Exposes Customer and Payment Information
GrubHub has disclosed a data breach affecting customer contact details and partial payment information, adding another cybersecurity incident to the growing list of 2025 breaches. In an announcement on Monday, the food delivery service confirmed that unauthorized access was recently detected, exposing names, email addresses, and phone numbers linked to its campus dining program. The breach also impacted drivers, merchants, and customers who had previously contacted GrubHub’s customer service.
In addition to contact details, some campus dining users had partial credit card information exposed, including the card type and last four digits. GrubHub also revealed that hashed passwords from “certain legacy systems” were accessed. However, the company assured users that sensitive personal data—such as full GrubHub Marketplace passwords, bank account details, Social Security numbers, and driver’s license information—remained secure. The breach was traced to a third-party service account used for customer support, which has since been removed, along with the vendor responsible.
GrubHub has taken steps to secure affected accounts, including rotating compromised passwords, but customers are advised to update their login credentials as a precaution. The full extent of the breach remains under investigation, and in similar cases, additional compromised data is sometimes uncovered later.
Security experts recommend that users take further precautions, such as enabling strong, unique passwords and using password managers to safeguard their accounts. Additionally, removing stored credit card details from online platforms or switching to virtual credit card numbers can help mitigate risks in future incidents. As data breaches continue to rise, proactive cybersecurity measures remain essential for online safety.
