Another day, another data breach. This time, it’s Doordash, and the breach affected 4.9 million people.
DoorDash sent an email to users late last night, which was a fun piece of correspondence to wake up to this morning — or at 3 a.m. in my case.
Regardless, I appreciated getting a heads up before it showed up in all the morning e-newsletters I start receiving around 5 a.m. And it’s a good example of a crisis response PR pros can learn from.
Here’s what DoorDash did right in communicating the data breach.
DoorDash said what happened.
The findings: some bad person accessed user data back on May 4, 2019. DoorDash immediately launched an investigation.
DoorDash explained what information was involved in the breach.
It looks like the hackers could have gotten a hold of names, email addresses, delivery addresses (in my case, my home and business address), order history (they’re totally judging how much delivery I ordered during Summer 2016), phone numbers, and the last four digits of your credit card. Business Insider also said hackers could may have accessed the last four numbers of bank accounts for delivery workers and restaurants. DoorDash did make it clear that the credit card information accessed “is not sufficient to make fraudulent charges on your payment card.” (Phew.)
DoorDash explained what steps they took.
DoorDash said it immediately blocked the unauthorized user’s access, and took additional steps to further secure users’ data, like adding more security layers and bringing in outside experts “to increase our ability to identify and repel threats.” DoorDash also set up a dedicated, 24/7 call center for support (855-646-4683), as well as an FAQ page.
DoorDash told us what to do.
While DoorDash doesn’t think passwords were compromised, the company advised users to change their passwords anyway and provided a link to do so.
DoorDash said sorry.
In these exact words: “We deeply regret the frustration and inconvenience that this may cause you. Every member of the DoorDash community is important to us, and we want to assure you that we value your security and privacy. We are in the process of reaching out to those affected by this incident, and you may receive multiple communications from us if you are also a DoorDash merchant or Dasher. We know that you trust us to connect you with the best of your community, and we will never take that trust for granted.”