Trading platform Robinhood revealed that it experienced a data security incident on November 3 and hackers accessed personal information of more than seven million customers during the data breach.
An unauthorised third-party socially engineered a customer support employee by phone and obtained access to certain customer support systems of the stock-trading app last week.
“We understand that the unauthorised party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people,” Robinhood said in a statement on Monday.
Robinhood has controlled the cyber attack from unknown hacker. Robinhood said no social security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident.
“We also believe that for a more limited number of people — approximately 310 in total — additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed,” the trading platform revealed.
Hackers demanded an extortion payment and according to Robinhood. It informed law enforcement and was continuing to investigate the incident with the help of cyber security firm Mandiant.
Robinhood Chief Security Officer Caleb Sima said: “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”