Key Highlights

• Who: Grubhub, a prominent online food delivery platform, experienced a data breach due to a third-party service provider.
• What: Unauthorized access led to the exposure of sensitive consumer information, including names, partial payment card details, email addresses, and phone numbers.
• When: The breach was publicly acknowledged on February 3, 2025, with immediate consumer notifications following the investigation.
• Where: The incident affected Grubhub's operations in the United States, with headquarters in Chicago, Illinois.
• Why: The breach was attributed to unauthorized access through a third-party contractor, prompting Grubhub to enhance security measures.
• How: Grubhub conducted an internal investigation, collaborated with cybersecurity experts, and took corrective actions to prevent future breaches.