GrubHub Data Breach Exposes Sensitive Customer Information

On February 10, 2025, GrubHub reported a data breach resulting from unauthorized access via a compromised third-party service provider account. This breach has potentially compromised the personal information of customers, drivers, and merchants, including names, email addresses, phone numbers, payment card data, and hashed passwords for legacy systems. Following the incident, GrubHub has revoked the service provider's access and is actively investigating the breach to assess its scope and mitigate damages. This incident highlights the critical vulnerabilities organizations face when relying on third-party services, emphasizing the need for rigorous vendor management and access controls. As organizations increasingly integrate external services, the risk of similar breaches escalates, making it essential to establish robust security protocols.

For more details, visit Check Point Research.