DoorDash

A DoorDash employee was targeted in a **social engineering scam**, leading to unauthorized access to some **customer data**. While the breach exposed personal information, officials confirmed that **no ID numbers (e.g., Social Security numbers) or payment details** were compromised. The incident highlights vulnerabilities in employee training and susceptibility to phishing or manipulation tactics, which allowed threat actors to bypass security measures. The exposed data may include names, email addresses, or delivery-related information, but the lack of financial or highly sensitive identifiers reduces the immediate risk of identity theft or fraud. However, the breach still poses reputational harm and potential follow-on attacks, such as targeted phishing campaigns against affected customers. DoorDash has not disclosed the exact number of impacted users, but the incident underscores the ongoing risks of human error in cybersecurity defenses.

Source: https://kelo.com/2025/11/19/850862/

DoorDash cybersecurity rating report: https://www.rankiteo.com/company/doordash

"id": "DOO4293042111925",
"linkid": "doordash",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Food Delivery / Technology',
                        'location': 'United States (Headquarters in San '
                                    'Francisco, CA)',
                        'name': 'DoorDash',
                        'type': 'Company'}],
 'attack_vector': 'Social Engineering',
 'customer_advisories': 'Public Notification via Media (No Direct Advisory '
                        'Mentioned)',
 'data_breach': {'data_exfiltration': 'Yes (Some Customer Data Accessed)',
                 'personally_identifiable_information': 'Partial (Excluding ID '
                                                        'Numbers and Payment '
                                                        'Information)',
                 'sensitivity_of_data': 'Low (No ID Numbers or Payment '
                                        'Information)',
                 'type_of_data_compromised': ['Personal Information '
                                              '(Non-Sensitive)']},
 'description': 'A DoorDash employee fell victim to a social engineering scam, '
                'resulting in unauthorized access to some customer data. '
                'Officials confirmed that no ID numbers or payment information '
                'was released in the breach.',
 'impact': {'brand_reputation_impact': 'Potential Negative Impact (Public '
                                       'Disclosure of Breach)',
            'data_compromised': ['Customer Personal Information '
                                 '(Non-Sensitive)'],
            'identity_theft_risk': 'Low (No ID Numbers or Payment Information '
                                   'Compromised)',
            'payment_information_risk': 'None (Officials Confirmed No Payment '
                                        'Information Exposed)'},
 'initial_access_broker': {'entry_point': 'Social Engineering (Employee '
                                          'Targeted)'},
 'investigation_status': 'Disclosed (Ongoing or Completed Status Unknown)',
 'post_incident_analysis': {'root_causes': 'Employee Susceptibility to Social '
                                           'Engineering'},
 'references': [{'source': 'KELO.com'}],
 'response': {'communication_strategy': 'Public Disclosure via Media '
                                        '(KELO.com)'},
 'title': 'DoorDash Employee Falls Victim to Social Engineering Scam, Exposing '
          'Customer Data',
 'type': 'Data Breach (Social Engineering)',
 'vulnerability_exploited': 'Human Error (Employee Susceptibility to Social '
                            'Engineering)'}