DoorDash disclosed a data breach on November 19, 2025 that exposed the phone numbers and physical addresses of an unspecified number of users, delivery workers, and merchants. The breach was first identified on October 25, 2025 after a social‑engineering attack on an employee.
The company confirmed that no sensitive personal data—such as Social Security numbers, driver’s license information, or payment card details—was compromised, and it has not detected any fraud or identity theft linked to the incident.
DoorDash immediately shut down the attackers’ access and launched an investigation, working with external cybersecurity firms and law enforcement to determine the scope and root cause of the breach.
While the exact number of affected individuals remains undisclosed, the incident underscores the ongoing risk of social‑engineering attacks and the importance of robust employee training and security protocols.
The breach adds to DoorDash’s history of data security incidents, including a 2019 breach that affected roughly 5 million users and a 2022 incident involving a third‑party vendor. The company has cited these events as catalysts for investing in advanced security systems and expanding employee awareness programs.
Management emphasized that the exposed data—contact information only—poses limited immediate risk but could be leveraged in future phishing or targeted social‑engineering campaigns. DoorDash has pledged to monitor for any misuse and to provide affected parties with guidance on protecting themselves.
The incident may trigger regulatory scrutiny and could increase security‑related expenditures, but DoorDash has stated that it remains committed to maintaining customer trust while strengthening its overall security posture.
The content on BeyondSPX is for informational purposes only and should not be construed as financial or investment advice. We are not financial advisors. Consult with a qualified professional before making any investment decisions. Any actions you take based on information from this site are solely at your own risk.