Robinhood Markets Inc (NASDAQ: HOOD) revealed that its online trading platform suffered a data breach in which millions of its retail clients have been affected.
In a blog post, Robinhood said the data security incident occurred late on the evening of November 3. A hacker “socially engineered a customer support employee by phone and obtained access to certain customer support systems.”
Approximately 18.9 retail investors are trading stocks and cryptocurrencies on Robinhood. A majority of them are millennials and novice or inexperienced investors.
Based on its investigation, the hacker obtained the e-mail addresses of five million people and the full names of a different group of approximately two million individuals.
Additionally, the hacker exposed the names, dates of birth, and zip codes of approximately 310 people and stole more extensive account details of approximately 10 customers.
“We are in the process of making appropriate disclosures to affected people,” according to the online trading platform.
Robinhood assured its clients that the data breach has been contained and “no Social Security numbers, bank account numbers, or debit card numbers were exposed.” The data breach did not result in financial loss to any customers based on its investigation.
Hacker demanded extortion payment from Robinhood
According to Robinhood, the hacker demanded extortion payment after it contained the intrusion into its platform. The company immediately reported the hacker’s demand to law enforcement.
Mandiant, a cybersecurity firm is helping the online trading platform in its ongoing investigation into the data breach.
Robinhood Chief Security Officer Caleb Sima said, “As a Safety First company, we owe it to our customers to be transparent and act with integrity. Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
In October last year, cybercriminals gained access to almost 2,000 customer accounts on Robinhood. Some customers reported that their funds were stolen and the company failed to immediately respond to their request for help to stop the hacking or unauthorized transactions.
Have a story you want USA Herald to cover? Submit a tip here and if we think it’s newsworthy, we’ll follow up on it.
Want to contribute a story? We also accept article submissions – check out our writer’s guidelines here.