- Food delivery service GrubHub has been breached through a third-party vendor
- The incident left Personally Identifiable Information exposed on users and others
- GrubHub has launched a full investigation
GrubHub has confirmed suffering a ‘security incident’ involving a third-party contractor which resulted in the unauthorized access to a set of user contact information.
The breach was detected after the firm noticed unusual activity within its environment, which it traced back to a third-party vendor that provides services for its Support Team. Once discovered, GrubHub reportedly launched an investigation and found unauthorized access to an account associated with the vendor.
The company says it took ‘immediate action’ to contain the situation and is now confident the incident is ‘fully contained’. The leaked data includes names, email addresses, phone numbers, and partial payment information for a group of users. It’s also believed the threat actor had access to hashed passwords for legacy systems.
Know your vendor
Following the incident, GrubHub said it enhanced its security by implementing enhanced monitoring services, as well as strengthening credential security and engaging forensic experts to complete a comprehensive investigation.
This incident proves just how crucial monitoring your systems and your vendors is for businesses of all sizes. Third-party data breaches have become a major security concern thanks to the vast number of vendors most firms will use, many of which are smaller companies with smaller cybersecurity budgets.
“If you want to get into a big organization you go through [third-party vendors]. You go for the low hanging fruit. We’ve got 14,000 vendors globally providing everything from uniforms in retail branches to large scale data centers,” Standard Chartered Bank’s Benedict Peet told TechRadar Pro.
“You’ve got to have a scalable security questionnaire to ask them, but the risk is still the same, whether it’s a mum and pop shop in the back streets of Seoul or it’s at Atos Origin or someone like that.”
Data breaches put victims at risk of identity theft, so take a look at our choices for best identity theft protection if you’re concerned you might be affected.
Leave a comment