Grubhub, one of the biggest food delivery platforms in the U.S., has revealed that hackers broke into its systems and got their hands on personal details of customers and drivers. The breach has sparked worries about the safety of user data on popular apps.

The company, which connects millions of users with over 375,000 restaurants and 200,000 delivery drivers across the country, noticed suspicious activity in its network. After digging deeper, Grubhub found that the breach stemmed from a third-party service provider.

“We quickly shut down the compromised account and removed the provider from our systems,” the company stated. While it didn’t specify how many people were affected, the breach impacted those who interacted with Grubhub’s customer care team. Users of its Campus Dining service, which lets college students use meal credits for food delivery, were also hit.

Hackers reportedly accessed names, email addresses, phone numbers, and the last four digits of payment card details for some campus diners. Passwords for older systems were also exposed, though Grubhub reassured users that sensitive information like Social Security numbers and bank account details remained untouched.

Surprisingly, Grubhub hasn’t shared when the incident took place or the exact number of people affected. The company has yet to respond to inquiries about the breach, leaving many questions unanswered.

This isn’t the first time Grubhub has made headlines. Last fall, it was acquired by Wonder Group in a $650 million deal—a far cry from the $7.3 billion Just Eat Takeaway paid for it in 2020.

As data breaches become more common, this incident serves as a reminder to stay vigilant about protecting personal information online. If you’re a Grubhub user, it might be worth checking your account for any unusual activity and updating your password just to be safe.