Robinhood, the commission-free stock trading app company, announced this past week that it experienced a security breach that compromised the data of approximately seven million customers.
The incident occurred on November 3 and began when a cybercriminal convinced a customer support employee to make certain support systems accessible. The hacker used this access to obtain a list of email addresses for about five million customers and the full names of about two million other customers. An additional group of around 310 people had other personal information exposed including full name, birth date, and zip code. About a third of its customers were impacted by the breach.
The attackers also demanded money during the event. The company was able to contain the attack and it was reported to law enforcement. Robinhood has said that it’s in the process of contacting the affected customers.
Robinhood doesn’t believe any social security, banking, or credit card numbers were compromised, and to date no customer has suffered financial loss from the incident. The concern is that the exposed information could be leveraged to facilitate further attacks and data breaches.
Any customer of Robinhood who suspects their data may have been involved is advised to take immediate protective action including changing their passwords, examining their credit data, altering any security checks that rely on their date of birth, and utilizing such enhanced protections as two-factor authentication.
The high-profile breach represents a serious blow to the brokerage’s efforts to get more users to trust their financial dealings to the growing brokerage and to overcome damage done by previous security breaches.
In a separate incident last year, almost 2,000 Robinhood accounts were looted in a hacking attack made worse with a highly publicized lack of customer service assistance.