Grubhub, the well-known food delivery service, has unfortunately experienced a data breach. On Monday, the company officially **acknowledged** that a security incident has exposed sensitive information related to both its drivers and customers.

The breach took place when a cybercriminal infiltrated Grubhub’s systems via a third-party vendor that assists with the company’s customer service functions. Consequently, confidential data linked to customers, merchants, and drivers who interacted with Grubhub’s support staff was compromised. Diners from university campuses were also impacted.

### What Data Was Compromised?
Grubhub disclosed that the nature of the stolen information differs from person to person. The hacker was able to retrieve names, email addresses, and phone numbers. Moreover, partial credit card information—specifically the card type and the last four digits—was accessed for some campus diners. Hashed passwords from “certain legacy systems” were also breached.

Nevertheless, Grubhub confirmed that customer and merchant login details, full credit card numbers, bank account information, driver’s licenses, and Social Security numbers were not affected by this breach.

### How Did the Incident Occur?
The company indicated that the breach was traced back to an account affiliated with a third-party service provider. After detecting the intrusion, Grubhub quickly revoked access for the compromised account and completely severed the service provider’s connection to its systems.

### The Extent of the Breach Remains Unknown
Grubhub has not revealed the specific number of individuals impacted by the breach. The company is actively investigating the incident to grasp its full extent and consequences.

This breach highlights the risks that can emerge from third-party collaborations, even for prominent organizations like Grubhub.