Grubhub announced a data breach caused by unauthorized access via a third-party support provider’s account. The breach exposed names, email addresses, phone numbers, partial payment card details (card type and last four digits for some campus diners), and hashed passwords from certain legacy systems.

The Grubhub Marketplace itself was not affected, and sensitive data such as Social Security numbers, full card details, and merchant logins were not compromised. In response, the company has rotated passwords, enhanced monitoring, and strengthened security. Users are advised to use unique passwords for their accounts.