Robinhood, the commission-free investing platform, has suffered an enormous data breach, according to a statement the company made.
Related: Volkswagen Vendor Data Breach Exposed Details of 3.3 Million Customers
Late in the evening of November 3, Robinhood experienced a data security incident, involving an unauthorized third party obtaining access to a limited amount of personal information for some of its customers. Based on the company’s investigation, the attack has been contained with no Social Security numbers, bank account numbers, or debit card numbers exposed. The platform claims that its customers haven’t suffered any financial loss.
How did the data breach happen and how many Robinhood customers were affected?
Apparently, an unauthorized third party “socially engineered a customer support employee by phone and obtained access to certain customer support systems.” As a result, a list of email addresses for approximately five million people, and full names for a different group of approximately two million people were obtained. Additional personal information for 310 other people was also exposed, including name, date of birth, and zip code. More extensive account information was taken from 10 other customers. Robinhood says they are currently working on making appropriate disclosures to the affected individuals.
The intruders demanded an extortion payment
After Robinhood “contained the intrusion,” the cybercriminals demanded an extortion payment. The company informed law enforcement and are currently investigating the incident with cybersecurity firm Mandiant.
“As a Safety First company, we owe it to our customers to be transparent and act with integrity. Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do,” said Robinhood Chief Security Officer Caleb Sima.
What to do, if affected?
“If you are a customer looking for information on how to keep your account secure, please visit Help Center > My Account & Login > Account Security. When in doubt, log in to view messages from Robinhood—we’ll never include a link to access your account in a security alert,” Robinhood added.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: