Financial Services Platform Loses Millions Of Customers' Data

Uploaded on 2021-11-15 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

Popular US equities and crypto currency trading platform Robinhood Markets has revealed that it suffered a major data breach. Hackers gained access to the personal detailss of 7 million customers and are now have demanding a ransom payment.

An unauthorised third party “socially engineered a customer support employee by phone,” Robinhood said, and was able to access its customer support systems. 

“Late in the evening of November 3, we experienced a data security incident. An unauthorised third party obtained access to a limited amount of personal information for a portion of our customers.  A threat actor supposedly gained access to vital systems after calling in to a Robinhood customer support employee and using social engineering to gain access to data. “Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident, “ the Robinhood said in a blog.

The unauthorised access allowed the cyber criminals to obtain a list of email addresses for about 5 million customers and full names for another group of about 2 million people. For a limited number of people, about 310 in total, the information compromised included their names, date of birth and ZIP code. Furthermore, 10 customers had "more extensive account details revealed", the firm said.

Based on its investigation, Robinhood believes no bank account details, social security numbers or debit card numbers were exposed. Customers have seen no financial loss as a result of the breach, it claimed adding that the hackers have demanded an ransome payment.

The California-based company has said that it immediately informed law enforcement, but has not said if it paid any ransom to hackers and is investigating the breach with the help of cyber security experts from FireEye / Mandiant.

Robinhood offers a popular mobile app for trading crypto currency, stocks, and more. More than 22 million users have accounts at Robinhood, of which nearly 19 million users actively used the platform during September 2021, according to the company. "As a Safety First company, we owe it to our customers to be transparent and act with integrity...  Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do." Robinhood's said CSO Caleb Sima.

The data breach is thought to be the largest suffered by Robinhood, although not the first. In 2020, cyber criminals stole customer funds after infiltrating nearly 2,000 accounts at Robinhood. That time Robinhood said the attack did not arise from a beach of its internal systems but as a result of hackers targeting  customers whose email addresses had already been compromised independently of Robinhood. 

Robinhood:        DIGIT:   The Verge:       Newsbreak:     ITPro:     WSJ:      The Record:      Computing

You Might Also Read: 

Reputational Damage & The Human Factor In Social Media:

 

« FBI Email Hackers Send Thousands Of Fake Messages
Leading the Way in Cyber Security Skills »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYBERPOL

CYBERPOL

CYBERPOL is the leading Public Utility Agency for investigating cyber crimes and cyber attacks by criminals, international adversaries.

Tiro Security

Tiro Security

Tiro Security is a boutique company specializing in information security and IT audit recruitment and solutions.

Sumo Logic

Sumo Logic

Sumo Logic simplifies how you collect and analyze machine data so that you can gain deep visibility across your full application and infrastructure stack.

ThreatMark

ThreatMark

ThreatMark provides fraud detection solutions for digital banking and payments.

National Accreditation Authority Hungary (NAH)

National Accreditation Authority Hungary (NAH)

NAH is the national accreditation body for Hungary. The directory of members provides details of organisations offering certification services for ISO 27001.

Intrinsyc Technologies

Intrinsyc Technologies

Intrinsyc provides product development services and Edge Computing modules that are helping to take the Internet of Things products to the next level.

Camel Secure - ZeroRisk

Camel Secure - ZeroRisk

Camel Secure is a company specialized in the development of products for information security and technology risk management.

doIT Solutions

doIT Solutions

doIT solutions specialize in IT security and infrastructure, security automation, data center, and cybersecurity.

ConnectSecure

ConnectSecure

ConnectSecure (formerly CyberCNS) is a global cybersecurity company that delivers tools to identify and address vulnerabilities and manage compliance requirements.

CyberScotland

CyberScotland

The CyberScotland Partnership is a collaboration of key strategic stakeholders, brought together to focus efforts on improving cyber resilience across Scotland in a coordinated and coherent way.

DataSixth Security Consulting

DataSixth Security Consulting

DataSixth delivers Cybersecurity Intelligence. With our unique capabilities, we’re able to deliver value, deliver answers, and deliver actionable security intelligence.

Check Point Software Technologies

Check Point Software Technologies

Check Point Software Technologies is a leading provider of cyber security solutions to governments and corporate enterprises globally.

Silent Push

Silent Push

Silent Push maps all internet-facing infrastructure with searchable, advanced attributes, generating early indicators of potential threats that are tailored to your environment.

GISEC Global

GISEC Global

GISEC Global provides vendors and companies from around the world with access to lucrative opportunity to capitalize on what's set to become one of the world's booming markets.

Ark Infotech

Ark Infotech

Ark Infotech is a provider of cloud management services, selective support services, and technology solutions.

Argantic

Argantic

Argantic aims to help organisations thrive and reach their full potential in a modern cloud-centric era.