A data breach that reportedly affected more than 4.9 million DoorDash users is the subject of a proposed class action lawsuit in which the company is accused of failing to implement adequate security measures on its food delivery platform.
The 11-page lawsuit out of New York claims DoorDash, Inc., despite touting data security as “one of its primary selling points,” experienced a data breach in May 2019 during which an unauthorized party supposedly gained access to the personal information of millions of DoorDash customers and at least 100,000 drivers. Although the company reportedly assured customers that their passwords were not stolen, users were advised to change all their online passwords to protect from possible identity theft, the case says.
Moreover, the driver’s license numbers of thousands of the company’s food delivery drivers were similarly compromised, according to the case. The lawsuit argues that although DoorDash has assured users that those who joined the platform after April 5, 2018 were not affected by the breach, no third party has yet confirmed this.
DoorDash, the suit says, had every opportunity to reinforce its security measures yet failed to take “reasonable, industry-standard steps” to ensure that its users’ data would remain protected. The lawsuit further argues that the breach was not disclosed to customers “for at least five months” during which their information may have been circulated on the internet. From the complaint:
“It is expected that the private information of plaintiff and class members is for sale on the ‘dark web’ and will be used for nefarious and mischievous ends, which ultimately will harm plaintiffs and class members in time, money and reputation.”