Robinhood Data Breach Impacted Millions of Users — Here’s How the Extortion Attempt Affects You

Robinhood revealed it had experienced a data security incident on November 3 affecting millions of customers, as an unauthorized third party obtained access to a limited amount of personal information for a portion of its customers. In addition, the unauthorized party demanded an extortion payment.
Social Security Poll: What Matters Most to You?
Find: Was Money Stolen From Your Bank Account? Here’s How To Get It Back
“Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” the company said in a statement.
Robinhood said the unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems.
Mandiant, an outside security firm who Robinhood retained for this incident, said that “Robinhood quickly contained the security incident and conducted a thorough investigation to assess the impact.”
“Mandiant has recently observed this threat actor in a limited number of security incidents, and we expect they will continue to target and extort other organizations over the next several months,” Charles Carmakal, Mandiant SVP and CTO, told GOBankingRates.
More: Deflation, Inequality and Hackers Encompass Top Economic Concerns of 3 Prominent Wall Street Experts
Robinhood said in the statement that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people. In addition, for a limited number of people — approximately 310 in total — additional personal information including name, date of birth and zip code was exposed, with a subset of approximately 10 customers having more extensive account details revealed.
“We are in the process of making appropriate disclosures to affected people,” according to the statement.
The company added that after it contained the intrusion, the unauthorized party demanded an extortion payment.
Learn: Social Security Card and 4 Other Things You Should Never Keep in Your Wallet
Explore: You Won’t Believe What Hackers Can Do With Your SSN
“We promptly informed law enforcement and are continuing to investigate the incident with the help of Mandiant, a leading outside security firm,” according to the statement.
More From GOBankingRates