Robinhood has revealed that an unauthorised third party has gained access to millions of customers’ data, adding to the company’s troublesome 2021.
The stock-trading platform said in a blog post that on 3 November a hacker socially engineered a customer support employee by phone and obtained access to certain customer support systems. The company said the unauthorised party obtained a list of email addresses for approximately five million people, and full names for a different group of two million people.
Robinhood added that for around 310 people, personal information like name, date of birth, and zip code were exposed, with a subset of around 10 customers having more extensive account details revealed, although it did not disclose what these details were.
Following the breach, the unauthorised party demanded an extortion payment, said the company, which informed law enforcement and is continuing to investigate the incident with the help of an outside security firm.
Robinhood is also in the process of making disclosures to those affected but believes that no social security numbers, bank account numbers, or debit card numbers were exposed. There has been no financial loss to any customers as a result of the incident.
RELATED RESOURCE
2021 state of email security report: Ransomware on the rise
Securing the enterprise in the COVID world
“As a Safety First company, we owe it to our customers to be transparent and act with integrity,” said Robinhood chief security officer Caleb Sima. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
2021 has been a tricky year for Robinhood, which was summoned to a Congressional hearing in February after the company’s app facilitated a January GameStop squeeze. It was instigated by the subreddit r/WallStreetBets and the platform decided to halt trade on popular stocks, as reported by The Verge.
In July, the company had the worst debut ever for an IPO of its size, according to Bloomberg. Shares in the broker fell 8.4% below the IPO price in the company’s first trading session, the worst debut among 51 US firms that raised as much cash as Robinhood or more.
-
Anthropic CEO Dario Amodei claimed AI would be writing 90% of code by this point – we're still a long way offNews In March, Anthropic CEO Dario Amodei claimed up to 90% of code would be written by AI within six months – his prediction hasn't quite come to fruition.
-
Veracode bolsters leadership team for next growth chapterNews The application security vendor has named Anthony Barkley as chief strategy officer and Diana Bushard as general counsel
-
Hackers are abusing ConnectWise ScreenConnect, againNews A new spear phishing campaign has targeted more than 900 organizations with fake invitations from platforms like Zoom and Microsoft Teams.
-
The Allianz Life data breach just took a huge turn for the worseNews Around 1.1 million Allianz Life customers are believed to have been impacted in a recent data breach, making up the vast majority of the insurer's North American customers.
-
A new, silent social engineering attack is being used by hackers – and your security systems might not notice until it’s too lateNews Security researchers have warned the 'FileFix' technique, which builds on the notorious 'ClickFix' tactic, is being used in the wild by threat actors.
-
The FBI says hackers are using AI voice clones to impersonate US government officialsNews The campaign uses AI voice generation to send messages pretending to be from high-ranking figures
-
Employee phishing training is working – but don’t get complacentNews Educating staff on how to avoid phishing attacks can cut the rate by 80%
-
Russian hackers tried to lure diplomats with wine tasting – sound familiar? It’s an update to a previous campaign by the notorious Midnight Blizzard groupNews The Midnight Blizzard threat group has been targeting European diplomats with malicious emails offering an invite to wine tasting events, according to Check Point.
-
This hacker group is posing as IT helpdesk workers to target enterprises – and researchers warn its social engineering techniques are exceptionally hard to spotNews The Luna Moth hacker group is ramping up attacks on firms across a range of industries with its 'callback phishing' campaign, according to security researchers.
-
Hackers are using Zoom’s remote control feature to infect devices with malwareNews Security experts have issued an alert over a new social engineering campaign using Zoom’s remote control features to take over victim devices.
