The company said that it does not appear that Social Security numbers, bank account numbers, or debit card numbers were exposed
Trading app Robinhood said Monday that personal information of over 7 million customers was accessed during a data breach on November 3. The company said in a news release that it does not appear that Social Security numbers, bank account numbers, or debit card numbers were exposed, and no customers have had “financial loss” due to the incident.
Robinhood also said that hackers also obtained additional personal information, including name, date of birth, and zip code, for 310 customers, and more extensive account details for 10 of those customers, and that the company is in the process of making appropriate disclosures to affected people.
The culprit called customer support and, pretending to be an authorised party, duped a Robinhood employee into providing access to the customer support computer system, a hacker technique referred to as “social engineering”, the company said in a blog post.
After stealing information from Robinhood, the hacker tried to extort payment from the company, which opted to alert the police and warn users about the breach, according to the post.
We owe it to our customers to be transparent and act with integrity, Robinhood chief security officer Caleb Sima said in the post. Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.
The data breach is the latest event in a busy year for Robinhood. Back in January, the trading platform played a major part in a coordinated short squeeze of GameStop stock, with investors collectively buying the stock to punish hedge funds that had bet on its decline. The resulting trading frenzy drew Congress’ attention to Robinhood, including a five-hour hearing about the service Robinhood provides and whether it’s ultimately beneficial or harmful for retail investors.