- Robinhood Markets said on Monday a third party had gained access to the personal details of roughly seven million users
- Email addresses for around five million users were obtained, along with the full names for a separate group of roughly two million people
- However, Robinhood believes no social security or bank account numbers were stolen, and there has been no financial loss to any of the customers
- The company has informed law enforcement and is continuing to investigate the incident with the help an outside security firm
Trading platform Robinhood Markets said on Monday a third party had gained access to the personal details of roughly seven million users but stressed that no financial information was exposed.
According to a blog post, the unauthorised party “socially engineered” a customer support employee over the phone and obtained a list of email addresses for approximately five million people. The full names of a separate group of roughly two million people were also gathered.
In addition, Robinhood said it believes more detailed personal information — name, date of birth, zip code — was exposed for a much smaller group of around 310 people, while a subset of 10 users had “more extensive account details revealed”.
Nevertheless, Robinhood said it believes no social security numbers, bank account numbers, or debit card numbers were stolen, and that there has been no financial loss to any customer as a result of the incident, which took place on November 3.
“After we contained the intrusion, the unauthorised party demanded an extortion payment,” Robinhood said in a statement.
“We promptly informed law enforcement and are continuing to investigate the incident with the help of Mandiant, a leading outside security firm.”
Caleb Sima, Robinhood’s chief security officer, said the company owes it to its customers to be transparent and to act with integrity.
“Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do,” he said.