DoorDash is facing a proposed class-action lawsuit over a recent data breach that exposed users’ personal information.
The lawsuit, filed last week in Northern California District Court, argues that DoorDash’s failure to prevent the incident has put victims at risk of identity theft and the costs associated with that.
The San Francisco-based delivery company confirmed the data breach on Nov. 13. It said that a cybercriminal gained access to its systems by targeting an employee with a social engineering scam.
The criminal was then able to get ahold of the first and last names, phone numbers, email addresses and physical addresses of DoorDash customers, merchants and couriers. The company did not disclose how many people were impacted.
It emphasized that no sensitive information was exposed, like credit card numbers, drivers license info or social security numbers. It shut down the attack and said it has taken steps to boost its security since.
The lawsuit was filed by Michelle Andrizzi, a DoorDash customer, on behalf of a proposed class that would include all individuals whose information was accessed in the cyberattack. It argues that DoorDash should have done more to protect users’ data, like encrypting it or deleting info it no longer needed. It asks for financial damages and other relief and calls for a jury trial.
In a statement Monday, a DoorDash spokesperson said, "This lawsuit is meritless and appears to have been filed in a rush to chase headlines and fees. We take data security seriously and will vigorously defend ourselves."
Data breach lawsuits are becoming more common as cyberattacks increase and as the cases themselves have proven to be winnable for plaintiffs. From 2018 to 2024, the number of data breach class actions surged by more than 1,265%, according to law firm Duane Morris.
The lawsuits are one of the many costs to bear for companies that are hit with a cyberattack. The average cost of a data breach globally is $4.4 million, but it’s $10.2 million in the U.S., according to IBM.
DoorDash had not responded to a request for comment as of publication time.
Members help make our journalism possible. Become a Restaurant Business member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.