CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

DoorDash Data Breach Exposed User Contact Information

First reported
Last updated
2 unique sources, 3 articles

Summary

Hide ▲

DoorDash confirmed a data breach in October 2025 where an unauthorized third party accessed user contact information, including names, phone numbers, physical addresses, and email details. The breach was caused by a social engineering attack on a DoorDash employee. The company has taken steps to mitigate the breach, including shutting down unauthorized access, starting an investigation, and referring the matter to law enforcement. DoorDash has also deployed new security enhancements and provided additional training for employees. This is the third notable security incident suffered by DoorDash in the last six years, following breaches in 2019 and 2022. The breach notification emails primarily targeted DoorDash Canada users, but the incident may extend beyond Canada. Users have expressed concerns about the timing of the notifications and the handling of the incident, with some users threatening legal action against DoorDash.

Timeline

  1. 14.11.2025 06:38 3 articles · 5d ago

    DoorDash Data Breach Exposed User Contact Information

    On October 25, 2025, DoorDash identified a data breach where an unauthorized third party accessed user contact information. The breach was caused by a social engineering attack on a DoorDash employee. The company has taken steps to mitigate the breach, including shutting down unauthorized access, starting an investigation, and referring the matter to law enforcement. DoorDash has also deployed new security enhancements and provided additional training for employees. This is the third notable security incident suffered by DoorDash, following breaches in 2019 and 2022. The breach notification emails primarily targeted DoorDash Canada users, but the incident may extend beyond Canada. Users have expressed concerns about the timing of the notifications and the handling of the incident, with some users threatening legal action against DoorDash.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

SimonMed Imaging Data Breach Affects 1.2 Million Patients

SimonMed Imaging, a U.S. medical imaging provider, experienced a data breach in January 2025. The breach exposed sensitive information of over 1.2 million individuals. The unauthorized access occurred between January 21 and February 5, 2025. The company detected the breach on January 27 and took immediate steps to contain the situation. The Medusa ransomware group claimed responsibility for the attack and leaked some data as proof. The breach impacted patients across 11 U.S. states, where SimonMed operates approximately 170 medical centers. The company has not confirmed the exact nature of the stolen data but acknowledged the potential for highly sensitive information to have been compromised. SimonMed has offered affected individuals free identity theft protection services.

Open in new tab

Discord User Data Compromised in Third-Party Breach

Hackers claim to have stolen data from 5.5 million unique Discord users after compromising a third-party customer service provider. The attack occurred on September 20, 2025, affecting users who interacted with Discord’s customer support and/or Trust and Safety teams. The breach appears to be financially motivated, with hackers demanding a ransom. The Scattered Lapsus$ Hunters (SLH) threat group claimed responsibility for the attack, stating they breached a Zendesk instance used by Discord for customer support. The compromised data includes real names, usernames, email addresses, contact details, IP addresses, messages, attachments, photos of government-issued identification documents, partial billing information, and purchase history. Discord took immediate action to isolate the support provider from its ticketing system and launched an investigation with the help of a forensics firm and law enforcement. The hackers also accessed corporate data, including training materials and internal presentations. Discord has notified law enforcement and relevant data protection authorities about the incident. No full credit card numbers, CVV codes, passwords, or authentication data were compromised. Additionally, no messages or activity on Discord outside of communication with customer support were obtained by the attackers.

Open in new tab

Renault and Dacia UK Customers Affected by Third-Party Data Breach

Renault and Dacia UK customers have been notified of a data breach affecting personal information shared with a third-party provider. The breach exposed full names, gender, phone numbers, email addresses, postal addresses, vehicle identification numbers, and vehicle registration numbers. The third-party provider has isolated the incident and removed the threat from its networks. The affected customers are advised to be vigilant against potential phishing and social engineering attacks. The number of impacted customers and the identity of the third-party provider have not been disclosed. The breach follows a significant cyberattack at Jaguar Land Rover in the UK, which disrupted operations for nearly a month, and is part of a string of breaches in the transport sector, impacting JLR, Collins Aerospace, and LNER.

Open in new tab

Insight Partners Ransomware Breach Affects 12,657 Individuals

Insight Partners, a New York-based venture capital and private equity firm, has notified 12,657 individuals that their personal information was compromised in a ransomware attack. The breach, which occurred in October 2024, involved a sophisticated social engineering attack that allowed threat actors to access and encrypt servers. The stolen data includes banking and tax information, personal details of current and former employees, and information related to limited partners, funds, and portfolio companies. The company has offered complimentary credit or identity monitoring services to those affected and has filed breach notifications with state attorneys general. The incident highlights the ongoing risk of social engineering attacks and the potential for significant data exfiltration in ransomware breaches.

Open in new tab

FinWise insider breach exposes 689K American First Finance customers' data

A former employee of FinWise Bank accessed sensitive customer files after the end of their employment, impacting 689,000 American First Finance (AFF) customers. The breach, which occurred on May 31, 2024, involved personal data, including full names, and went undetected for over a year. FinWise has strengthened internal controls and is offering credit monitoring services to affected individuals. The breach was discovered on June 18, 2025, and was disclosed in September 2025. The incident has led to multiple class-action lawsuits alleging inadequate encryption and security measures. FinWise Bank partners with AFF to originate and fund loans. The breach was discovered and investigated with the help of external cybersecurity professionals. The exact methods of unauthorized access and the full extent of the exposed data remain undisclosed.

Open in new tab