Online stock trading platform Robinhood has been hit by a data breach affecting about seven million of its customers, the company revealed on Monday, November 8.
The Menlo Park, California-based company said the “data security incident” took place on Wednesday, November 3, when an unauthorized third party “obtained access to a limited amount of personal information.”
Initial investigations suggest the culprit tricked a customer support employee into giving them access to certain customer support systems.
It said the person behind the incident managed to obtain a list of email addresses for around five million people and full names for a different group of around two million people.
For a more limited amount of people believed to number around 310, additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed, Robinhood said, adding that it is in the process of contacting those affected by the breach.
It said it believes no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident.
After it contained the intrusion, Robinhood said the culprit demanded an extortion payment. The company then contacted law enforcement and is now examining the incident with the help of an outside security firm.
“As a safety first company, we owe it to our customers to be transparent and act with integrity,” Robinhood chief security officer Caleb Sima said in message posted on the company’s website. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
Robinhood was founded by two Stanford graduates in 2013 with the aim of making investing easier and to “democratize finance for all.”