Robinhood Discloses Data Breach, Seven Million Customers Affected

Robinhood Discloses Data Breach, Seven Million Customers Affected

Source: Robinhood

Robinhood disclosed a data breach and security incident that has affected seven million users. Learn all about it below.

Financial services company Robinhood revealed that it had suffered a data breach on November 3rd. An external user obtained access to the organization’s customer support systems via social engineering by phone. This allowed the third-party individual(s) to access lists of email addresses, full names, and additional personal information for Robinhood’s customers. A total of seven million users are apparently affected by this breach, though the amount of personal info exposed depends on the user.

ALERT: Our Buyer’s Guide for SIEM helps you evaluate the best solutions for your business use case and features profiles of the leading profiles, as well as a category overview of the marketplace and a Bottom Line Analysis for each vendor profile.

Robinhood stated that the unauthorized party obtained access to a list of email addresses for five million customers and full names for a separate list of full names for two million customers. In addition, the user gained access to more in-depth personal information like full names, date of birth, and zip code for around 310 users, with a subset of 10 users having more extensive records stolen. The company is working to contact affected individuals.

In the company’s announcement, Robinhood’s Chief Security Officer Caleb Sima stated: “As a Safety First company, we owe it to our customers to be transparent and act with integrity. Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”

After accessing the data, the unauthorized user demanded an extortion payment to keep the data safe; the amount of this demand or motive for the demand was not disclosed. So far, Robinhood has not sent the payment and has informed law enforcement officials of the incident and ransom. The vendor is currently working with security firm Mandiant to investigate this matter.

To learn more about how you can protect your organization against cyber-attacks, consult our FREE Buyer’s Guide for Security Information and Event Management.


Daniel Hein