Robinhood says no financial data, assets or social security numbers have been stolen
On Monday, mobile app digital exchange Robinhood posted an announcement on its blog site that it experienced a security breach last Wednesday, Nov. 3 affecting more than 7 million members. Robinhood’s post says the attack was contained and its investigation found that there had been no exfiltration of financial data, digital assets or social security numbers.
The cyberattack started when a rogue third-party manipulated a Robinhood customer support employee by phone. Using social engineering tactics, the individual gained unauthorized access to various customer support systems and customer databases. The scammer downloaded a data panel comprising email addresses for five million people, and full names of two million other people in a different data set.
“As a Safety First company, we owe it to our customers to be transparent and act with integrity,” said Caleb Sima, Robinhood’s Chief Safety Officer. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
Robinhood’s intelligence team revealed that once the digital threat was contained, the attackers issued a statement demanding an extortion payment. Robinhood did not confirm whether they paid the ransom, but they did contact law enforcement officials. The digital exchange company also confirmed that its investigation is continuing and Robinhood has also retained the services of a leading external cybersecurity firm.
