Robinhood, the American financial services platform has disclosed a data breach incident yesterday, which actually happened earlier this month.
The company reported an unauthorized party accessing data of over 7 million people but assured that no financial loss to customers occurred since there was no leak of bank accounts, card details, or social security numbers. However, it hired a security firm to investigate the issue further.
Robinhood Data Breach
In a blog post yesterday, Robinhood informed the public about a data breach incident on November 3rd this year. It explained that an unauthorized party had social-engineered one of its customer support representatives and accessed data of over 7 million people.
Breaking that, the party has accessed the email addresses of about 5 million people and the full names of other 2 million people.
Further, more details like names, dates of birth, and zip codes about other 310 people involved. Further, Robinhood said โmore extensive account detailsโ of 10 customers were also exposed in the incident.
While it didnโt explain those extensive details, it assured that no social security numbers, bank account numbers, or debit card details were exposed in the breach. On a question by The Verge that any customer was specifically targeted, Robinhood said itโs investigating the incident.
It hired the third-party security firm Mandiant to investigate the process. While itโs being done, Robinhoodโs chief security officer Caleb Sima said
โFollowing a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.โ
The company also revealed that the unauthorized party who accessed the information had asked for an โextortion paymentโ but didnโt explain whether it had paid or not.
But, it immediately informed the incident law enforcement. Robinhoodโs share price slipped by 3% on Monday after this revelation.