Food delivery service DoorDash revealed on Thursday that a data breach may have exposed the personal information of 4.9 million customers, merchants and workers.
In a blog post, the company said it learned earlier this month about "unusual activity involving a third-party service provider." After an investigation, the company discovered some DoorDash user data had been improperly accessed on May 4.
The company says profile information, credit card and bank account numbers may have been exposed, as well as the driver's license numbers of 100,000 DoorDash workers. DoorDash says the kind of financial information that was accessed "is not sufficient" to make fraudulent charges or withdrawals.
It also says the breach only affected users who joined the platform on or before April 5, 2018.
Since the breach was discovered, DoorDash has blocked the unauthorized provider and instituted a series of security updates. It also says it's brought in outside experts to help it prevent future cyberattacks.
Additional reporting from Newsy affiliate CNN.