On or about October 25, 2025, DoorDash became aware of a cybersecurity incident (the “Data Breach”) involving unauthorized access to sensitive personal information. The breach occurred after a DoorDash employee fell victim to a social engineering scam, allowing an outside actor to gain access to internal systems. DoorDash engaged external cybersecurity specialists and law enforcement to investigate the incident and determine its scope.
Founded in 2013, DoorDash is a leading food delivery platform serving customers, Dashers, and merchants across the U.S., Canada, Australia, and New Zealand. Its services include on-demand delivery and logistics solutions for millions of users worldwide.
DoorDash sent data breach notification letters to those affected and published information on its website. The company also set up a dedicated call center to answer questions from impacted users. If you received a Data Breach notification letter from DoorDash, it confirms that your information was potentially exposed.
What information is involved in the DoorDash Data Breach?
Compromised information may include:
Name
Email Address
Phone Number
Physical Address
Your Personally Identifiable Information (PII) includes details that can be used to identify you. Organizations are legally obligated to safeguard this data, and failure to do so can result in statutory fines and other legal consequences. If PII is stolen, it may be exploited by criminals to commit identity fraud.
A specific category of PII is Protected Health Information (PHI), which pertains to personal medical data. PHI is safeguarded under both federal and state regulations. Entities such as healthcare providers and businesses that manage PHI must ensure its security. Just like PII, compromised PHI can be misused by identity thieves, and it’s common for cybercriminals to use both types of information together.
If your data has been exposed in a breach, one of the most effective steps you can take is to enroll in credit and identity monitoring services promptly.
Residents of California benefit from additional privacy protections on info and belief of passwords being part of the breach under the California Consumer Privacy Act (CCPA), which grants enhanced rights regarding personal data.
If you received a NOTICE OF DATA BREACH letter from DoorDash, and are a resident of California, your personal and financial information may be at risk. This type of data can be exploited by identity thieves to commit fraud and other crimes.
Contact the Data Breach Lawyers at Emery | Reddy, PC for a Free Case Review today.