Robinhood, the American financial services platform has disclosed a data breach incident yesterday, which actually happened earlier this month.
The company reported an unauthorized party accessing data of over 7 million people but assured that no financial loss to customers occurred since there was no leak of bank accounts, card details, or social security numbers. However, it hired a security firm to investigate the issue further.
Robinhood Data Breach
In a blog post yesterday, Robinhood informed the public about a data breach incident on November 3rd this year. It explained that an unauthorized party had social-engineered one of its customer support representatives and accessed data of over 7 million people.
Breaking that, the party has accessed the email addresses of about 5 million people and the full names of other 2 million people.
Further, more details like names, dates of birth, and zip codes about other 310 people involved. Further, Robinhood said “more extensive account details” of 10 customers were also exposed in the incident.
While it didn’t explain those extensive details, it assured that no social security numbers, bank account numbers, or debit card details were exposed in the breach. On a question by The Verge that any customer was specifically targeted, Robinhood said it’s investigating the incident.
It hired the third-party security firm Mandiant to investigate the process. While it’s being done, Robinhood’s chief security officer Caleb Sima said
“Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
The company also revealed that the unauthorized party who accessed the information had asked for an “extortion payment” but didn’t explain whether it had paid or not.
But, it immediately informed the incident law enforcement. Robinhood’s share price slipped by 3% on Monday after this revelation.