On Monday, mobile app digital exchange Robinhood posted an announcement on its blog site that it experienced a security breach last Wednesday, Nov. 3 affecting more than 7 million members. The Robinhood post states that the attack has been contained and that its investigation found that there was no exfiltration of financial data, held assets, or Social Security numbers.
The cyberattack started when a rogue third-party manipulated a Robinhood customer support employee by phone. Using social engineering tactics, the individual obtained unauthorized access to various customer support systems and client databases. The scanner downloaded a data panel comprising email addresses for five million people, and full names of two million other people.in a different data set.
“As a Safety First company, we owe it to our customers to be transparent and act with integrity,”
said Robinhood Chief Security Officer Caleb Sima.
“Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
The Robinhood information security team disclosed that once the cyber threat was contained, the attackers sent a communique demanding an extortion payment. Robinhood did not confirm whether they paid the ransom, but they did contact law enforcement officials. The digital exchange company also confirmed that their investigation is ongoing, and they have engaged the services of a leading outside security firm.
On The Flipside
- Robinhood’s stock (HOOD) closed down nearly 3.5 percent following the news, the broader market was only down 0.3 percent.
Why You Should Care?
If you use Robinhood contact their support team as soon as possible. Hundreds of accounts had more detailed data stolen. Make sure you weren’t one of those individuals.