
Robinhood reveals massive data theft affecting seven million customers

The company says ‘unauthorised third party obtained access to a limited amount of personal information for a portion of our customers’

LONDON, UK - January 2021: Robinhood financial investing app on a mobile device

Trading platform Robinhood, already in trouble on various fronts, now faces a data breach that could affect as many as seven million customers.

The company said that personal information of customers was accessed during a data breach on 3 November. This was followed by a ransom demand.

In a blog, Robinhood stated: “Late in the evening of November 3, we experienced a data security incident. An unauthorised third party obtained access to a limited amount of personal information for a portion of our customers. Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident. 

“The unauthorised party socially engineered a customer support employee by phone and obtained access to certain customer support systems. At this time, we understand that the unauthorised party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people.

“We also believe that for a more limited number of people—approximately 310 in total—additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed. We are in the process of making appropriate disclosures to affected people.”

Robinhood Chief Security Officer Caleb Sima added: “As a Safety First company, we owe it to our customers to be transparent and act with integrity. Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.

“After we contained the intrusion, the unauthorised party demanded an extortion payment. We promptly informed law enforcement and are continuing to investigate the incident with the help of Mandiant, a leading outside security firm.”

According to a report in The Verge, Robinhood has had a rocky 2021 so far. In January, it halted trading as Redditors helped push up the prices of so-called meme stocks like GameStop and AMC Theaters. The incidents led to a congressional hearing where CEO Vlad Tenev testified along with Reddit CEO Steve Huffman and trader Keith Gill aka RoaringKitty.

The company began trading on the Nasdaq exchange in July, with the worst market debut among 51 US firms that raised as much money as or more than Robinhood, according to data from Bloomberg.