Another company is in the news because of a data breach. This time it’s food delivery company DoorDash. No one associated with the company was safe from this breach – it affected customers, employees, and merchants. Close to five million people who joined the service before April 5, 2018 were affected. Names, phone numbers, email addresses, delivery addresses, order history, phone numbers, hashed passwords, partial credit card/bank account numbers were compromised. Approximately 100,000 company drivers had their driver’s license number stolen as well.

How It Happened

Unsurprisingly, the company isn’t saying much about how the data was compromised. In their press release, DoorDash gave us the date of the breach: May 4, 2019. It took almost five months to notify the victims, which raises questions of its own.

Additionally, they did note “unusual activity involving a third-party service provider.” Third-party compromise happens a lot. Remember the massive CapitalOne data breach that happened earlier this year? That incident involved a cloud service provider.

What to Do

When news hits that a service you use or used in the past has experienced a data breach, your first step is to find out if your data was affected. Companies, as required by law, will often notify you directly and/or set up a website where additional steps will be provided. Depending on what information was stolen, you may have to update your password or other account information and/or sign up for credit monitoring. The company will provide you with recommended steps to take.

When visiting your account after a data breach notification, it’s best to go to the website directly instead of using links in emails, especially if you’re not sure you can tell the difference between a legitimate site and a knock-off. Cyber criminals have no qualms about using recent news to generate fraudulent emails in order to steal even more information and/or payment details!

Additionally, if you believe you are at greater risk of identity theft and have no short term plans to open new lines of credit, you may want to freeze your credit with each of the three major credit bureaus: Equifax, TransUnion, and Experian. There used to be a small fee to do this, but thanks to U.S. legislation in 2018, this is now free.

With so much personal data stored online, data breaches are an unfortunate part of our reality. To ensure our financial well being, we must take the time to protect ourselves.