A Deliveroo data breach “incident” is said to have been reported to the ICO who have confirmed that they’re making inquiries.
Back in 2016, the food delivery company faced scrutiny after customers complained of fraudulent transactions on their accounts. In some cases, it appeared the issues were down to people’s credentials being stolen in hacks completely separate to Deliveroo. Criminals had used stolen credentials to access accounts in cases where credentials were reused.
Deliveroo were subsequently criticised over what some customers felt was a failure to spot and stop fraudulent transactions. In this latest incident, it appears that history may be repeating itself.
ICO made aware of a Deliveroo data breach incident
The Information Commissioner’s Office (ICO) – the UK’s data watchdog – has reportedly been made aware of some form of Deliveroo data breach “incident”.
The ICO confirmed that they have been made “aware of an incident and we will be making inquiries”.
In response, Deliveroo has reportedly made it clear that the incident arises from a customer’s username and password being used across multiple online accounts, and that any data breach is from a different platform, and not from Deliveroo itself. With the likes of the huge Collection #1 breach, and people still reusing the same credentials across multiple sites, that’s not surprising.
But let’s not forget that there’s more companies can do to spot and stop fraud…
This type of Deliveroo data breach incident can be stopped
The use of stolen information like it appears to be in this Deliveroo data breach incident can be stopped. Although you have to appreciate that it’s the people who must avoid using the same credentials for multiple online platforms, things can also be done by the companies as well.
For example, banks use a range of software to spot scams and fraud. There’s alerts that could be set up to inform account-holders and confirm genuine transactions.
Also, this isn’t the first time the likes of Deliveroo has been criticised by customers over what some feel is a failure to prevent such fraudulent transactions taking place. People have had to cancel cards and make complaints over thousands of pounds of food reportedly being fraudulently ordered on their accounts.
A Deliveroo data breach incident that stems from stolen credentials could be stopped with better education for the users, and more security by the company. As the dark web continues to fill with hacked information, it may be getting way easier for criminals to commit fraud using apps and platforms like Deliveroo.