DoorDash

DoorDash confirmed a cybersecurity incident where hackers accessed a database containing personal contact details of New York users, including full names, phone numbers, email addresses, and physical addresses. The breach originated in October when an employee fell for a **social engineering scam**, allowing unauthorized access. While DoorDash assured that no highly sensitive data (e.g., Social Security numbers, government IDs, driver’s licenses, or payment card information) was compromised, the exposed information still poses risks like phishing, identity theft, or targeted scams. The company responded by shutting down the attacker’s access, launching an investigation, involving law enforcement, and enhancing employee training to prevent future incidents. A dedicated helpline (1-833-918-8030, reference code **B155060**) was set up for affected users.

Source: https://hudsonvalleypost.com/doordash-confirms-data-breach-impacting-users-across-new-york/

DoorDash cybersecurity rating report: https://www.rankiteo.com/company/doordash

"id": "DOO5593355112025",
"linkid": "doordash",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'New York-based Users (Exact '
                                              'Number Unspecified)',
                        'industry': 'Food Delivery/Technology',
                        'location': 'New York, USA (Affected Users: New '
                                    'Yorkers)',
                        'name': 'DoorDash',
                        'type': 'Private Company'}],
 'attack_vector': 'Social Engineering (Phishing/Scam)',
 'customer_advisories': ['Dedicated helpline (1-833-918-8030) with reference '
                         'code B155060 for inquiries.'],
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': ['Full Names',
                                                         'Phone Numbers',
                                                         'Email Addresses',
                                                         'Physical Addresses'],
                 'sensitivity_of_data': 'Moderate (No Highly Sensitive PII)',
                 'type_of_data_compromised': ['Personal Contact Details '
                                              '(Names, Phone Numbers, Emails, '
                                              'Physical Addresses)']},
 'date_detected': '2023-10',
 'description': 'DoorDash confirmed a cybersecurity incident where scammers '
                'accessed personal information of New Yorkers after an '
                'employee fell victim to a social engineering scam in October. '
                'The breach exposed names, phone numbers, email addresses, and '
                'physical addresses, but no sensitive data like Social '
                'Security numbers or payment information was compromised. '
                'DoorDash responded by shutting down unauthorized access, '
                'launching an investigation, and notifying law enforcement. '
                'They also set up a dedicated helpline (1-833-918-8030, '
                'reference code B155060) for affected users and committed to '
                'enhanced employee training to prevent future incidents.',
 'impact': {'brand_reputation_impact': 'Potential Negative Impact (Public '
                                       'Disclosure of Breach)',
            'data_compromised': ['Full Names',
                                 'Phone Numbers',
                                 'Email Addresses',
                                 'Physical Addresses'],
            'identity_theft_risk': 'Low (No Sensitive PII like SSNs or Payment '
                                   'Data Exposed)',
            'payment_information_risk': 'None (No Payment Data Accessed)'},
 'initial_access_broker': {'entry_point': 'Employee (Social Engineering Scam)',
                           'high_value_targets': ['Customer Database (Contact '
                                                  'Details)']},
 'investigation_status': 'Ongoing (Referred to Law Enforcement)',
 'lessons_learned': 'Enhanced employee training is critical to prevent social '
                    'engineering attacks. Rapid incident response (shutting '
                    'down access, investigation, and law enforcement '
                    'notification) helps mitigate damage. Proactive customer '
                    'communication (e.g., helpline) builds trust post-breach.',
 'motivation': 'Unauthorized Data Access (Likely Financial or Data Theft)',
 'post_incident_analysis': {'corrective_actions': ['Enhanced employee training',
                                                   'Incident response '
                                                   'activation',
                                                   'Law enforcement '
                                                   'collaboration'],
                            'root_causes': ['Employee susceptibility to social '
                                            'engineering',
                                            'Inadequate safeguards against '
                                            'phishing/scams']},
 'ransomware': {'data_exfiltration': True},
 'recommendations': ['Implement Multi-Factor Authentication (MFA) for employee '
                     'accounts to reduce phishing risks.',
                     'Conduct regular security awareness training focused on '
                     'social engineering tactics.',
                     'Monitor dark web for exposed data and offer identity '
                     'protection services to affected users if needed.',
                     'Review and update incident response plans to ensure '
                     'swift containment and communication.'],
 'references': [{'source': 'Hudson Valley Post'}],
 'response': {'communication_strategy': ['Public Disclosure',
                                         'Helpline with Reference Code '
                                         '(B155060)'],
              'containment_measures': ['Shut Down Unauthorized Access'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'recovery_measures': ['Dedicated Helpline for Affected Users '
                                    '(1-833-918-8030)'],
              'remediation_measures': ['Investigation Launched',
                                       'Enhanced Employee Training']},
 'threat_actor': 'Unknown (Scammers/Hackers)',
 'title': 'DoorDash Cybersecurity Incident Affecting New Yorkers',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Human Error (Employee Fell for Scam)'}