Retail investing app Robinhood has been the victim of a data security incident which has exposed information of around seven million people.
The unauthorised third party obtained a list of email addresses for five million people and the full names of an additional two million people. Robinhood also believes additional information, including names, date of birth and zip code, of around 310 people was also exposed.
Even more extensive information on ten of its customers was also exposed, however, Robinhood did not disclose what this additional leaked information was.
Robinhood has completed its investigation and believes no social security numbers, bank account numbers or debit card numbers were exposed, and no financial loss has been felt by customers.
The attacker managed to access the information after they socially engineered a customer support employee by phone and obtained access to certain customer support systems.
Once Robinhood had contained the intrusion, it claims the unauthorised party demanded an extortion payment. The investment platform has reported the incident to law enforcement and is continuing to investigate the incident with the support of security firm Mandiant.
Robinhood is in the process of reaching out to the customers affected.
Robinhood chief security officer Caleb Sima said, “As a Safety First company, we owe it to our customers to be transparent and act with integrity. Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
Cybercrime continues to grow, with ransomware becoming a major tool for criminals. In Q3 2021, there has been a 148% year-on-year rise in the number of ransomware attacks, with 190.4 million attacks recorded, according to data from SonicWall.
With the threats more prevalent than ever, consumers are most fearful of identity fraud and stolen credit card information happening in the wake of an incident, according to a report from Computer Services.
Copyright © 2018 RegTech Analyst