Robinhood data breach is the latest attack to target personal data. After an employee was fooled into giving a hacker access to internal systems, Robinhood has announced a data breach revealing approximately 7 million users’ information.
Robinhood data breach
On November 3, an unauthorized person phoned up the client service of our investing app and gained access to all customers’ information. After gaining access to sensitive user information, they called back and convinced a Robinhood employee to provide them with per-user access. They obtained around 5 million emails and the complete names of roughly 2 million more individuals after that.
That’s bad enough, but it gets worse. Robinhood also stated that around 310 additional personal information was exposed, including names, birth dates, and zip codes. Ten of these individuals had additional information from their accounts exposed, but Robinhood didn’t specify what this included. Fortunately, Robinhood believes that no Social Security numbers, bank account numbers, or credit card numbers were among the data stolen.
The hacker attempted to demand a ransom from Robinhood, although the firm refused to disclose how much was demanded or if they had actually paid it. However, according to a Robinhood representative, the firm will continue to demand security training for its employees, including educating them about social engineering attacks, and it is “working to introduce new security countermeasures.”
According to Robinhood, law enforcement was informed, and Mandiant is investigating the breach. The firm also plans to contact affected users about the breach.
“Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do,” said Robinhood Chief Security Officer Caleb Sima in a post on the company’s official blog.
Unfortunately, there is little you can do to avoid becoming a victim of data breaches. If you provide your information to a firm that is then duped into handing it over to a hacker, it’s the company’s fault.
If you want to be a part of the solution, complete your time-consuming and required data security training so you don’t repeat the mistake made by this Robinhood employee.