On February 3, 2025, Grubhub posted a website notice discussing a recent data security incident involving a third-party service provider. In this notice, Grubhub explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, partial payment card information, email addresses and phone numbers. Upon completing its investigation, Grubhub began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from Grubhub, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Grub Hub data breach. For more information, please see our recent piece on the topic here.
What Caused the Grubhub Data Breach?
The Grub Hub data breach was only recently announced, and more information is expected in the near future. However, Grubhub’s website notice entitled “Our Response to a Third-Party Vendor Incident” provides some important information on what led up to the breach.
According to this source, Grubhub recently learned of a data security incident involving a third-party contractor. In response, Grubhub secured its systems and then began working with outside cybersecurity experts to contain the incident and launch an investigation. Grubhub’s investigation suggested that the incident was due to unauthorized access to an account associated with Grubhub’s third-party service provider. Grubhub then immediately terminated all unauthorized access and removed the service provider from its network.
As a result of the incident, an unauthorized party was able to access certain user information. After learning that sensitive consumer data was accessible to an unauthorized party, Grubhub reviewed the compromised data to determine what information was leaked and which consumers were impacted. The breached information varies depending on the individual; however, it may include your name, partial payment card information, email address and phone number. Grubhub notes that the incident affected “campus diners, as well as diners, merchants and drivers who interacted with our customer care service.”
On February 3, 2025, Grubhub posted a notice on its website outlining the incident and the company’s response. However, Grubhub may also send out personalized data breach letters to those who were affected by the recent data security incident. If sent, these letters should provide victims with a list of what information belonging to them was compromised.
More Information About Grubhub
Grubhub is an online and mobile food delivery platform that connects diners with local restaurants across the United States. Headquartered in Chicago, Illinois, the company provides a convenient way for customers to order food for delivery or pickup through its website and mobile app. As part of Just Eat Takeaway.com, Grubhub partners with thousands of restaurants, offering a wide range of cuisine options while leveraging technology to streamline the ordering and delivery process. The organization employs approximately 3,000 people and generates an estimated $980 million in annual revenue.
