DoorDash Data Breach Class Action Lawsuit -- Names, Emails, Phone Numbers, and Addresses of Customers, Dashers, and Merchants Exposed
By Steve Levine
Published: March 28, 2026
Status: Early-Stage Lawsuit (No Settlement)
Filed: November 18, 2025
Claim Form: None -- does not exist
A class action lawsuit has been filed against DoorDash after a data breach exposed the personal information of an unknown number of users -- including customers, delivery drivers (dashers), and merchants. The exposed data includes names, email addresses, phone numbers, and physical addresses.
The lawsuit alleges that DoorDash failed to take basic steps to protect user data: it did not encrypt the information, did not delete old data from former users that it had no reason to keep, and did not properly secure its network against unauthorized access. There is no settlement. There is no claim form. There is no money available. This is an early-stage lawsuit.
There Is No Settlement and No Claim Form
This lawsuit was filed on November 18, 2025 in federal court in San Francisco. It is in its earliest stage. There is no settlement. There is no claim form. There is no money available. You cannot file a claim right now. If anyone tells you otherwise, they are wrong.If the case eventually settles or the plaintiff wins at trial, a claims process would be established at that point and eligible users would be notified. That could take months to years. For now, this is a case to watch.
What Does the Lawsuit Allege?
The complaint lays out a straightforward case: DoorDash collected massive amounts of personal information from every customer who placed an order, every dasher who made a delivery, and every merchant who used the platform. The lawsuit alleges DoorDash then failed to protect that data.Specifically, the complaint alleges DoorDash did not encrypt or tokenize sensitive personal information, did not delete data from former users that it no longer had a reason to maintain, did not eliminate unnecessary accessibility of the data from the internet, and did not adequately review or improve the security of its network systems.
The result was a data breach that exposed names, email addresses, phone numbers, and physical addresses of some users. The lawsuit alleges this stolen data could end up for sale on the dark web or be used for targeted identity theft and fraud.
Who Could Qualify If This Lawsuit Succeeds?
The proposed class includes all individuals in the United States whose personally identifiable information was accessed or acquired by an unauthorized party in the DoorDash data breach. This includes customers who placed orders, dashers who made deliveries, and merchants who used the platform.The class has not been certified by the court. Until it is, the definition could change.
What the Plaintiff Experienced
The named plaintiff, Michelle Andrizzi, is a California resident and DoorDash customer. The complaint alleges she faces a lifetime risk of identity theft because the exposed information -- names, email addresses, phone numbers, and physical addresses -- cannot be changed and cannot be made private again once stolen.The lawsuit says the harm includes the lost value of stolen personal information, costs of monitoring for identity theft, time spent dealing with the consequences, and emotional distress from losing control over sensitive data.
What Is the Lawsuit Asking For?
The complaint seeks compensatory damages (actual losses from the breach), statutory damages, nominal damages, punitive damages, and injunctive relief. The injunctive relief is extensive -- the lawsuit asks the court to order DoorDash to encrypt all user data, delete data it has no reason to keep, implement a comprehensive security program, hire independent security auditors for regular penetration testing, segment its network with firewalls, conduct regular database scans, and appoint an independent assessor for 10 years to evaluate compliance.The lawsuit also seeks attorneys' fees and a jury trial.
The Legal Claims
The complaint brings six causes of action: negligence (DoorDash failed to use reasonable care to protect data), negligence per se (DoorDash violated the FTC Act's data security requirements), breach of third-party beneficiary contract (DoorDash's contracts with merchants and partners were supposed to protect user data), breach of implied contract (users provided data with the understanding it would be protected), invasion of privacy (the unauthorized disclosure of private information), and breach of fiduciary duty (DoorDash was in an exclusive position to protect user data and failed).What Should You Do Right Now?
There is no action required today. No claim form exists. If you are a DoorDash customer, dasher, or merchant and you received a breach notification from DoorDash, hold onto that notification. Monitor your accounts for suspicious activity. Consider freezing your credit if you are concerned about identity theft.Be cautious of any website or social media post claiming you can "file a DoorDash data breach claim" right now. No legitimate claims process exists. When one does, it will be announced by the court. You can find out about another similar DoorDash open class action, that is now closed to new claims.
Case Information
Case: Andrizzi v. DoorDash Inc., No. 3:25-cv-09926-AGT
Court: U.S. District Court, Northern District of California
Filed: November 18, 2025
Plaintiff: Michelle Andrizzi (California)
Defendant: DoorDash Inc. (San Francisco, CA)
Data Exposed: Names, email addresses, phone numbers, physical addresses
Affected Users: Customers, dashers, and merchants
Legal Claims: Negligence, negligence per se, breach of third-party beneficiary contract, breach of implied contract, invasion of privacy, breach of fiduciary duty
Damages Sought: Compensatory, statutory, nominal, punitive, injunctive relief
Settlement: None -- early-stage lawsuit
Claim Form: None -- does not exist
Jury Trial: Requested
Plaintiff's Counsel: Srourian Law Firm, P.C. (Beverly Hills, CA)
How Do I Find Class Action Settlements?
Find all the latest class actions you can qualify for by getting notified of new lawsuits as soon as they are open to claims:Class Action Complaint (PDF)
Sources
• Class action complaint, Andrizzi v. DoorDash Inc., No. 3:25-cv-09926-AGT (N.D. Cal., filed Nov. 18, 2025)About This Lawsuit
This is an active, early-stage class action lawsuit. There is no settlement, no claim form, and no money available at this time. If the case results in a settlement or verdict, eligible consumers will be notified through the court system. OpenClassActions.com will update this page as the case progresses. OpenClassActions.com is a consumer advocacy and class action news site, and is not a class action administrator or a law firm.
For more class actions keep scrolling below.
DraftKings & FanDuel Addiction Lawsuits
Status: Open
Submit Claim
Kids Playing Roblox - Alleged Abuse
Pre-Qualify Here
Submit Claim
$990K Differin Acne Product Settlement
Deadline: May 19, 2026
Submit Claim
$4.17M RevitaLash Conditioner Settlement
Deadline: April 20, 2026
Submit Claim
$87.5M Beef Prices Settlement
Deadline: June 30, 2026
Submit Claim
Dollar General Bait & Switch Settlement
Deadline: April 13, 2026
Submit Claim
Belkin Power Bank Settlement
Deadline: March 30, 2026
Submit Claim
Cosequin Dog Supplements Settlement
Deadline: July 21, 2026
Submit Claim
Depo Provera Investigation
Deadline: Pending
Pre-Qualify| DoorDash Data Breach Lawsuit Summary | |
| Status | Filed — Early Stage (No Settlement) |
|---|---|
| Case Number | 3:25-cv-09926-AGT (N.D. Cal.) |
| Filed | November 18, 2025 |
| Data Exposed | Names, emails, phone numbers, addresses |
| Affected Users | Customers, dashers, merchants |
| Settlement | None — early-stage lawsuit |
| Claim Form | None — does not exist yet |
| Damages Sought | Compensatory, statutory, punitive, injunctive |
| Plaintiff's Counsel | Srourian Law Firm, P.C. |