Financial Services Platform Loses Millions Of Customers' Data

Popular US equities and crypto currency trading platform Robinhood Markets has revealed that it suffered a major data breach. Hackers gained access to the personal details of 7 million customers and are now demanding a ransom payment.

An unauthorised third party “socially engineered a customer support employee by phone,” Robinhood said, and was able to access its customer support systems. 

“Late in the evening of November 3, we experienced a data security incident. An unauthorised third party obtained access to a limited amount of personal information for a portion of our customers.” A threat actor supposedly gained access to vital systems after calling in to a Robinhood customer support employee and using social engineering to gain access to data. “Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” Robinhood said in a blog post.

The unauthorised access allowed the cyber criminals to obtain a list of email addresses for about 5 million customers and full names for another group of about 2 million people. For a limited number of people, about 310 in total, the information compromised included their names, date of birth and ZIP code. Furthermore, 10 customers had "more extensive account details revealed", the firm said.

Based on its investigation, Robinhood believes no bank account details, social security numbers or debit card numbers were exposed. Customers have seen no financial loss as a result of the breach, it claimed, adding that the hackers have demanded a ransom payment.

The California-based company has said that it immediately informed law enforcement, but has not said if it paid any ransom to hackers and is investigating the breach with the help of cyber security experts from FireEye / Mandiant.

Robinhood offers a popular mobile app for trading crypto currency, stocks, and more. More than 22 million users have accounts at Robinhood, of which nearly 19 million users actively used the platform during September 2021, according to the company. "As a Safety First company, we owe it to our customers to be transparent and act with integrity... Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do," said Robinhood's CSO Caleb Sima.

The data breach is thought to be the largest suffered by Robinhood, although not the first. In 2020, cyber criminals stole customer funds after infiltrating nearly 2,000 accounts at Robinhood. That time Robinhood said the attack did not arise from a breach of its internal systems but as a result of hackers targeting customers whose email addresses had already been compromised independently of Robinhood.

Sources: Robinhood, DIGIT, The Verge, Newsbreak, ITPro, WSJ, The Record, Computing
