Robinhood Data Breach Impacted Millions of Users — Here’s How the Extortion Attempt Affects You

security-breach
©Shutterstock.com

Robinhood revealed it had experienced a data security incident on November 3 affecting millions of customers, as an unauthorized third party obtained access to a limited amount of personal information for a portion of its customers. In addition, the unauthorized party demanded an extortion payment.

Social Security Poll: What Matters Most to You?
Find: Was Money Stolen From Your Bank Account? Here’s How To Get It Back

“Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” the company said in a statement.

Robinhood said the unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems.

Related: How To Protect Your Financial Information From ‘Data Hungry’ Apps You Use for Social Media, Shopping and More

Mandiant, an outside security firm who Robinhood retained for this incident, said that “Robinhood quickly contained the security incident and conducted a thorough investigation to assess the impact.”

“Mandiant has recently observed this threat actor in a limited number of security incidents, and we expect they will continue to target and extort other organizations over the next several months,” Charles Carmakal, Mandiant SVP and CTO, told GOBankingRates.

Make Your Money Work Better for You

More: Deflation, Inequality and Hackers Encompass Top Economic Concerns of 3 Prominent Wall Street Experts

Robinhood said in the statement that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people. In addition, for a limited number of people — approximately 310 in total — additional personal information including name, date of birth and zip code was exposed, with a subset of approximately 10 customers having more extensive account details revealed.

“We are in the process of making appropriate disclosures to affected people,” according to the statement.

The company added that after it contained the intrusion, the unauthorized party demanded an extortion payment.

Learn: Social Security Card and 4 Other Things You Should Never Keep in Your Wallet
Explore: You Won’t Believe What Hackers Can Do With Your SSN

“We promptly informed law enforcement and are continuing to investigate the incident with the help of Mandiant, a leading outside security firm,” according to the statement.

More From GOBankingRates

Make Your Money Work Better for You

About the Author

Yaël Bizouati-Kennedy is a former full-time financial journalist and has written for several publications, including Dow Jones, The Financial Times Group, Bloomberg and Business Insider. She also worked as a vice president/senior content writer for major NYC-based financial companies, including New York Life and MSCI. Yaël is now freelancing and most recently, she co-authored  the book “Blockchain for Medical Research: Accelerating Trust in Healthcare,” with Dr. Sean Manion. (CRC Press, April 2020) She holds two master’s degrees, including one in Journalism from New York University and one in Russian Studies from Université Toulouse-Jean Jaurès, France.

Untitled design (1)
Close popup The GBR Closer icon

Sending you timely financial stories that you can bank on.

Sign up for our daily newsletter for the latest financial news and trending topics.

Loading...
Please enter an email.
Please enter a valid email address.
There was an unknown error. Please try again later.

For our full Privacy Policy, click here.