Robinhood breach exposes data on millions of users
The online brokerage said an intruder obtained personal information on about 7 million customers and then demanded payment.
Robinhood Markets Inc. said personal information of about 7 million people — or roughly a third of its customers — was compromised in a data breach last week and that the culprit had demanded payment.
The intruder obtained email addresses of about 5 million people as well as full names for a separate group of about 2 million, Robinhood said Monday in a statement. For some customers, even more personal data was exposed, including names, birth dates and ZIP codes of about 310 people, and more extensive information belonging to a group of about 10.
The Menlo Park, California-based brokerage said it doesn’t believe any Social Security, bank account or debit card numbers were exposed during the incident, which occurred last Wednesday, or that any customers incurred financial losses.
The hacker made threats about what would be done with the compromised information, although it wasn’t a ransomware attack, according to a Robinhood spokesperson, who declined to say whether the firm paid the perpetrator.
InvestmentNews wants to hear from you! Please take a minute to complete this form, so we can better understand and serve our readers.
"*" indicates required fields
Shares of Robinhood fell 3% to $36.84 in extended trading at 5:30 p.m. in New York. The shares were little changed on the year through the close of regular trading.
The attack hinged on a phone call with a customer service representative, whom the intruder used to gain access to support systems, according to the statement. Robinhood said it contained the breach, notified law enforcement and enlisted security firm Mandiant Inc. to investigate the breach.
Charles Carmakal, chief technology officer at Mandiant, said that Robinhood “conducted a thorough investigation to assess the impact” and that his firm expects the intruder to continue to target and extort other organizations over the next several months.
In a separate episode last year, almost 2,000 Robinhood accounts were compromised in a hacking spree in which customer accounts were looted. Some complained there was no one available to call.
Since then, the company has been working to demonstrate that it’s a reliable brokerage for new investors. Executives often repeat the maxim that Robinhood is a “safety first” company.
Robinhood, which helped popularize free trading, went on a hiring binge for customer-service staff, more than tripling the size of that team in 2020. The brokerage opened offices in Arizona, Texas and Colorado as part of its expansion. It unveiled 24/7 phone support last month.
Learn more about reprints and licensing for this article.
