DoorDash, the food delivery platform serving millions of customers across the U.S., Canada, Australia, and New Zealand, recently disclosed a data breach that was discovered in October. Beginning yesterday evening, the company started the process of notifying those individuals who were impacted by the newly identified security incident. This marks the third time the delivery giant has experienced a notable security breach.
The company’s email notification to affected users stated, “On October 25, 2025, our team identified a cybersecurity incident that involved an unauthorized third party gaining access to and taking certain user contact information, which varied by individual.” The investigation later confirmed that personal information for those receiving the email was affected. The types of personal information that may have been included are the user’s first and last name, physical address, phone number, and email address.
The source of the incident was traced back to a DoorDash employee who fell victim to a social engineering scam. Once the compromise was detected, the company’s incident response team acted swiftly to terminate the unauthorized party’s access. Following the containment, an investigation was immediately launched, and the matter has since been referred to law enforcement authorities.
The disclosure did not provide specific figures on the total number of users impacted by this security event. However, the company did confirm that the incident affected a mix of different user groups, specifically consumers, the delivery personnel known as Dashers, and merchants who use the platform.
This October 2025 incident follows previous security events encountered by the company. In 2019, DoorDash suffered a data breach that exposed the information of approximately 5 million individuals, encompassing customers, Dashers, and merchants. Furthermore, in August 2022, the company experienced another data breach linked to threat actors who had also targeted the communications platform Twilio earlier that same year.
Reference:
