Robinhood Hack Exposed The Personal Data Of 7 Million Customers
November 14, 2021
Return to Learning Center
Robinhood, the popular stock-trading app, acknowledged that a recent data breach has compromised the personal information of roughly 7 million of its customers. In a "data security incident" on the evening of November 3, 2021, Robinhood said that an unauthorized third party had obtained a list of email addresses for approximately 5 million of its customers, as well as the full names for a separate group of around 2 million users. Another group of customers had further personal information exposed - around 310 customers had information including their name, date of birth, and zip code compromised, while roughly 10 users had more extensive account details revealed.
According to Robinhood, the data breach occurred after the attackers socially engineered a customer support employee by phone and obtained access to certain customer support systems. It said the unauthorized party in question subsequently demanded an extortion payment from the company, which promptly informed law enforcement. Robinhood added that it is continuing to investigate the incident with the help of outside cybersecurity firm Mandiant.
State Attorney Generals around the country are warning citizens be cautious. For example, William Tong, Attorney General of Connecticut said "data breaches, particularly those involving ransom demands, are a ubiquitous modern threat to businesses and consumers. The Robinhood hacker will likely now use the email addresses and names they have harvested to send phishing emails to try to extract additional personal information and money. Robinhood has indicated that it will not email any security alert containing a link to its users. If you receive one, it is a scam and report it immediately. As always, carefully review and verify any email before you click on a link or respond."
Robinhood's stock price quickly sank after the news and it is now facing a proposed class action lawsuit alleging negligence and breach of contract related to this data security breach that exposed millions of customers' personal information. Four Robinhood users filed a complaint in New York federal court arguing the popular online brokerage should be held accountable for failing to implement the "cyber-security procedures and protocols necessary to protect" its customers' personal identifying information, or PII.
We hope you enjoyed reading this guide and learned something new! Check out our Learning Center to learn more about online privacy and security or consider subscribing to our Online Privacy Service to remove your phone number, name, and address from Google, Bing, Yahoo, and DuckDuckGo search results and hundreds of data broker sites.