[neka]

Yeah - it boils down to ye olde case of people reusing passwords. Half of the article talking about GDPR and the ICO is irrelevant. What's happened is she has an easy/reused password that's ended up in a breach, fraudster locks her out of the account and offers discounted deliveroo orders to their customers and she gets charged. That's it.

[CydeWeys]

It sounds like Deliveroo could step up their security then, as they don't seem to be doing much to catch credential stuffing, suspicious/fraudulent orders, etc. They could be doing way more.