Grubhub, the food delivery service, has been hacked. On Monday, the company confirmed a data breach that affects both its drivers and customers.

According to Grubhub, the malicious actor was able to gain entry into its systems via a third-party vendor that provides services for Grubhub's support team.

The hacker was able to access private information connected to customers, merchants, and drivers who previously interacted with Grubhub's customer service. Campus diners were also affected.

Grubhub says the exact type of data stolen is different for each affected individual. The hacker obtained names, email addresses, and phone numbers. The unauthorized user also stole partial payment card information from some campus diners, which include the card type and last four digits on the card. Hashed passwords for "certain legacy systems" were also obtained.

It's unclear just how big the data breach is.

Grubhub says an investigation found that the intrusion was carried out through an account connected to a third-party service provider. Upon noticing the intrusion, Grubhub said they immediately removed the compromised account's access and terminated the service provider entirely from their systems.

Grubhub shared that customer and merchant login credentials and passwords were not breached. Financial information such as full payment card numbers, bank account details, drivers licenses, and social security numbers were also unaffected.