Mobile stock trading platform Robinhood disclosed a security incident that exposed names and email addresses of nearly 7 million customers, as well as “extensive account details” of a small portion of its users.
The data breach took place on November 3, when a hacker obtained access to certain customer support service by tricking a customer support employee using social engineering techniques. While the company said that the attacker got access only “to a limited amount of personal information for a portion of our customers”, it admitted that stolen information included email addresses for approximately 5 million people, and full names for a different group of approximately 2 million people.
The hacker also stole names, email addresses, dates of birth, zip codes and additional personal information for 310 customers, and “more extensive account details” for approximately 10 people.
“We believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” the company said in a blog post revealing the data breach.
Robinhood said the attacker “demanded an extortion payment” and that it promptly informed law enforcement.