The online stock trading platform Robinhood was hit by a data breach that affected approximately seven million of its customers, the company announced on Monday, November 8.
The Menlo Park, the California-based company, said the “data security incident” took place on Wednesday, November 3, when an unauthorized third party “obtained access to a limited amount of personal information.”
According to preliminary investigations, the person duped a customer support jobs employee into granting them access to certain customer support systems. According to the report, the person obtained a list of email addresses for approximately five million people and full names for another group of approximately two million people.
Additional personal information, including name, date of birth, and zip code, was exposed for a smaller number of people, believed to be around 310, with a subset of approximately 10 customers having more extensive account details revealed, Robinhood said, adding that it is in the process of contacting those affected by the breach.
It stated that it believes no Social Security numbers, bank account numbers, or debit card numbers were exposed and that no customers suffered financial loss due to the incident.
After the intrusion was limited, Robinhood said the perpetrator wanted an extortion payment. The corporation then alerted law enforcement and worked with an outside security firm to investigate the issue.
“As a safety-first company, we owe it to our customers to be transparent and act with integrity,” Robinhood chief security officer Caleb Sima said in a message posted on the company’s website. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
Robinhood was founded by two Stanford graduates in 2013 to make investing easier and “democratize finance for all.
Source: Digital Trends