Grubhub, a popular US food delivery platform, has disclosed a data breach that exposed the personal details of customers, drivers, and merchants. The Illinois-based company revealed that hackers accessed its internal systems, compromising sensitive information including names, email addresses, phone numbers, and partial payment card details.

Grubhub, which was acquired by New York-based Wonder Group last fall in a deal valued at $650 million, detected "unusual activity" in its network, tracing it back to a third-party service provider. The company promptly launched an investigation, identifying unauthorized access to an account associated with the provider, and subsequently terminated the account's access and removed the service provider from its systems.

The breach affected users of Grubhub's customer care service, as well as its Campus Dining service, which allows university students to use their meal credits on the food delivery app. According to Grubhub, the accessed personal details include names, email addresses, phone numbers, and partial payment card information, including the last four digits of the card number, for a "subset" of campus diners.

Furthermore, the hackers also accessed hashed passwords for certain legacy systems, although Grubhub assured that bank account details and Social Security numbers were not affected by the breach. Notably, the company has not disclosed the exact number of individuals affected by the breach or when the incident occurred.

The data breach raises concerns about the security of customer data in the food delivery industry, particularly given Grubhub's massive user base and extensive network of merchants and drivers. With over 375,000 merchants and 200,000 delivery providers using its platform in more than 4,000 US cities, the potential impact of the breach is significant.

Grubhub's response to the breach has been criticized for lacking transparency, with the company failing to provide key details about the incident. The company did not immediately respond to TechCrunch's questions, leaving many questions unanswered.

The incident serves as a reminder of the importance of robust cybersecurity measures in the digital age, particularly for companies handling sensitive customer data. As the food delivery industry continues to grow, companies like Grubhub must prioritize the protection of customer information to maintain trust and prevent further breaches.

In the wake of the breach, customers and users of Grubhub's services are advised to remain vigilant and monitor their accounts for any suspicious activity. The company's failure to disclose key details about the breach has sparked concerns about the potential long-term impact on its users.