On October 25, 2025, an unauthorized third party gained access to DoorDash’s internal systems after successfully social engineering a company employee. The number of affected individuals was not disclosed. Exposed data varied by individual and may include first and last name, phone number, email address, and physical address for consumers, Dashers (gig workers), and merchants. No Social Security numbers, government-issued IDs, driver’s licenses, or payment card details were accessed. DoorDash shut down unauthorized access, engaged an external forensic firm, implemented additional security controls and employee training, and referred the matter to law enforcement.