Why did it take so long to report the breach? That question is still unanswered as of the writing of this article.
According to TechCrunch.com, DoorDash spokesperson, Mattie Magdovitz, blamed the breach on “a third-party service provider,” but the third-party has yet to be named.
Mattie said, "We immediately launched an investigation and outside security experts were engaged to assess what occurred."
It is being reported that users who joined the platform before April 5, 2018, had their name, email and delivery addresses, order history, phone numbers and passwords stolen. The company also said consumers had the last four digits of their payment cards taken, though full numbers and card verification values (CVV) were not taken. Both delivery workers and merchants had the last four digits of their bank account numbers stolen. Around 100,000 delivery workers also had their driver’s license information stolen in the breach.
I am sure in the coming days and weeks there will be a lot of finger-pointing and blame to go around, but one thing is for sure, breaches and hacks of this nature are not going away. In fact, I would argue that they will likely become more prevalent and commonplace.
At Withum, we are the world’s “Trusted Advisors.” Our team of professionals consist primarily of Certified Public Accountants (CPAs). As CPAs we “Own” the audit space. Over two years ago our profession released the framework on a new audit that can only be provided by CPAs….a SOC for Cybersecurity Report. That report assists organizations as they communicate relevant and useful information about the effectiveness of their cybersecurity risk management programs.
Withum has been a leader in driving awareness in the profession around this service and has assisted a number of our clients in this space. If you need another set of eyes to examine your company’s cybersecurity readiness, reach out to us as soon as possible. Our managing director of Advisory Services, Jim Bourke is a leader in this space, traveling around the globe assisting companies in protecting private and confidential information. He and his team of professionals are available to discuss your company’s cybersecurity readiness concerns 24/7.