DoorDash has reported a data breach that occurred in October 2025, affecting user contact information. The company began notifying impacted users via email, revealing that unauthorized access had compromised personal data, which may include names, addresses, phone numbers, and email addresses. The breach originated from a DoorDash employee who fell victim to a social engineering scam. Once the breach was detected, DoorDash's incident response team acted quickly to shut down access and initiated an investigation while involving law enforcement. The extent of the breach remains unclear, with no specific number of affected users disclosed. However, it impacted a mix of consumers, Dashers, and merchants. This incident is the third significant security breach for DoorDash, following a 2019 breach that exposed data from around 5 million users and another breach in August 2022 connected to attacks on Twilio. Users have expressed frustration over the delay in notifications, with some questioning the company's assessment of the information's sensitivity. Concerns have been raised that DoorDash may not have fully complied with Canadian data breach laws. Users are advised to be cautious of unsolicited communications that may seem to come from DoorDash and to avoid clicking on suspicious links. The company has stated that it is taking steps to enhance security, including employee training and working with a cybersecurity firm. A toll-free number has been provided for users seeking more information about the breach.