If you got a DoorDash breach notice in late 2025, this lawsuit is about you — but there is no settlement and no claim form yet, so there is nothing to file today.
Allegations Only · No Settlement Yet
This article describes a class action complaint. The statements below are unproven allegations. DoorDash, Inc. has not been found liable, there is no certified class, and there is nothing to claim at this time. This page is general information, not legal advice.
What Is the DoorDash Data Breach Lawsuit About?
A class action lawsuit has been filed against DoorDash after a 2025 data breach exposed the personal information of customers, delivery drivers (dashers), and merchants. According to DoorDash, the exposed data includes first and last names, email addresses, phone numbers, and physical addresses. The case is Andrizzi v. DoorDash Inc., No. 3:25-cv-09926-AGT, in the U.S. District Court for the Northern District of California.The lawsuit alleges that DoorDash failed to take basic steps to protect user data — that it did not encrypt the information, did not delete old data from former users it had no reason to keep, and did not adequately secure its network against unauthorized access. These are allegations the court has not ruled on. There is no settlement, no claim form, and no money available. This is an early-stage lawsuit.
What Happened in the DoorDash Breach? (2026 Update)
DoorDash disclosed the incident publicly on November 13, 2025. The company has said the breach stemmed from a social engineering attack — an employee was reportedly tricked into giving an unauthorized party access to internal systems — which DoorDash says it detected in late October 2025. DoorDash has stated that the information involved was limited to names, email addresses, phone numbers, and physical addresses, and that no Social Security numbers, government identification numbers, or payment card information were accessed. DoorDash did not publicly state how many people were affected.As of June 2026, the lawsuit remains in its early stages. No class has been certified, no settlement has been reached, and no claim form exists. We will update this page as the case develops.
There Is No Settlement and No Claim Form
This lawsuit was filed on November 18, 2025 in federal court in San Francisco and is in its earliest stage. There is no settlement, no claim form, and no money available — you cannot file a claim right now. If anyone tells you otherwise, be cautious.If the case eventually settles or the plaintiffs prevail, a claims process would be established at that point and eligible users would be notified through the court. That can take months to years. For now, this is a case to watch.
What Does the Lawsuit Allege?
The complaint alleges that DoorDash collected large amounts of personal information from every customer who placed an order, every dasher who made a delivery, and every merchant who used the platform — then failed to protect it.Specifically, the complaint alleges DoorDash did not encrypt or tokenize sensitive personal information, did not delete data from former users it no longer had a reason to maintain, did not eliminate unnecessary exposure of the data to the internet, and did not adequately review or improve the security of its network systems. The lawsuit alleges the exposed data could end up for sale on the dark web or be used for targeted identity theft and fraud. DoorDash has not been found liable for any of this.
Who Could Qualify If This Lawsuit Succeeds?
The proposed class includes all individuals in the United States whose personally identifiable information was accessed or acquired by an unauthorized party in the DoorDash data breach — customers who placed orders, dashers who made deliveries, and merchants who used the platform. The class has not been certified by the court, so the definition could still change.What the Named Plaintiff Alleges
The named plaintiff is a California resident and DoorDash customer. The complaint alleges she faces an ongoing risk of identity theft because the exposed information — names, email addresses, phone numbers, and physical addresses — cannot be changed and cannot be made private again once exposed. The lawsuit says the alleged harm includes the lost value of personal information, costs of monitoring for identity theft, time spent dealing with the consequences, and emotional distress from losing control over sensitive data.What Is the Lawsuit Asking For?
The complaint seeks compensatory damages, statutory damages, nominal damages, punitive damages, and extensive injunctive relief. The requested injunctive relief asks the court to order DoorDash to encrypt all user data, delete data it has no reason to keep, implement a comprehensive security program, hire independent security auditors for regular penetration testing, segment its network with firewalls, conduct regular database scans, and appoint an independent assessor for 10 years to evaluate compliance. The lawsuit also seeks attorneys' fees and a jury trial.The Legal Claims
The complaint brings six causes of action: negligence, negligence per se (premised on the FTC Act's data security requirements), breach of third-party beneficiary contract, breach of implied contract, invasion of privacy, and breach of fiduciary duty. Each remains an unproven allegation.What Should You Do Right Now?
There is no action required today and no claim form exists. If you are a DoorDash customer, dasher, or merchant and you received a breach notification, hold onto it. Monitor your accounts for suspicious activity, watch for phishing emails and texts that reference DoorDash, and consider placing a free credit freeze if you are concerned about identity theft.Be cautious of any website or social media post claiming you can “file a DoorDash data breach claim” right now — no legitimate claims process exists yet, and when one does, it will be announced through the court. For context on a separate, now-closed DoorDash case, see our coverage of the DoorDash Illinois tip settlement.
Frequently Asked Questions
Is there a class action lawsuit against DoorDash for a data breach?
Yes. A class action, Andrizzi v. DoorDash Inc., was filed November 18, 2025 in the U.S. District Court for the Northern District of California (Case No. 3:25-cv-09926-AGT). The lawsuit alleges DoorDash failed to protect the personal information of customers, dashers, and merchants, resulting in a 2025 data breach that exposed names, email addresses, phone numbers, and physical addresses. These are unproven allegations; DoorDash has not been found liable.
Can I file a claim in the DoorDash data breach lawsuit?
Not yet. The case is in its early stages. There is no settlement, no claim form, and no money available. If the case eventually settles or the plaintiffs win, a claims process would be established and eligible users would be notified. For now, there is nothing to sign up for, and you should be wary of any site claiming you can file a DoorDash breach claim today.
What information was exposed in the DoorDash data breach?
DoorDash said the 2025 breach exposed first and last names, email addresses, phone numbers, and physical addresses of some customers, dashers, and merchants. DoorDash stated that no Social Security numbers, government ID numbers, or payment card information were involved. The lawsuit alleges DoorDash failed to encrypt this data and kept old data from former users that it had no reason to retain.
How did the DoorDash data breach happen?
DoorDash has said the breach stemmed from a social engineering attack in which an employee was tricked into giving an unauthorized party access to internal systems. DoorDash says it detected the incident in late October 2025 and disclosed it publicly on November 13, 2025. The company did not state how many people were affected.
Who qualifies for the DoorDash data breach lawsuit?
The proposed class includes individuals in the United States whose personal information was accessed in the DoorDash breach — customers, dashers (delivery drivers), and merchants. No class has been certified, so the definition could change as the case proceeds.
Free settlement alerts
Get notified when new class actions open to claims
Join thousands of readers who get the latest class action settlements you may qualify for — delivered straight to your inbox.
Class Action Complaint (PDF)
Sources
• Class action complaint, Andrizzi v. DoorDash Inc., No. 3:25-cv-09926-AGT (N.D. Cal., filed Nov. 18, 2025)• DoorDash data breach notice and public statement (Nov. 13, 2025)
