Financial and trading services company Robinhood disclosed Monday that it had been the victim of a cyberattack earlier this month. The company said that the data breach had affected millions of accounts on its platform.
Robinhood said hackers breached its systems on Nov. 3 and obtained information on millions of its customers. The hackers later demanded that the company send a payment for the return of the stolen data.
The online trading platform stated that hackers had obtained a list of email addresses for around 5 million people and complete names for another group of about 2 million people.
The company said the names, dates of birth, and zip codes of a small number of accounts, about 310 people, were stolen. Robinhood said detailed information of around 10 accounts were also obtained. Robinhood did not say what types of information from those 10 people were stolen.
Robinhood said it was able to halt the intrusion and stop the hackers from stealing more data. Once it stopped the breach, the hackers reportedly demanded an extortion payment. The company did not say if it had complied with the demand. Robinhood said it immediately contacted law enforcement to inform them about the incident.
The hackers were able to access Robinhood's customer support systems by impersonating a customer service representative over the phone. Robinhood said it is working on properly notifying affected customers about the breach, and it is continuing its investigation with the assistance of security company Mandiant.
Robinhood's chief security officer, Caleb Sima, said the company does consider the safety of its customers as its top priority, which is why it is striving to be as transparent as possible. Sima added that the company wants to put the entire Robinhood community on notice, which is the "right thing to do."
Apart from Robinhood, other trading companies - particularly those dealing with cryptocurrencies - have been victims of recent cyberattacks. Companies such as BitMEX, Ledger, and Celsius have had their systems breached in the past few months. Unlike Robinhood, the other companies had not really disclosed the extent of each attack apart from stating that around 1 to 3 million users were affected on each instance.
