Financial Services Platform Loses Millions Of Customers' Data

Popular US equities and crypto currency trading platform Robinhood Markets has revealed that it suffered a major data breach. Hackers gained access to the personal details of 7 million customers and are now demanding a ransom payment.

An unauthorised third party “socially engineered a customer support employee by phone,” Robinhood said, and was able to access its customer support systems. 

“Late in the evening of November 3, we experienced a data security incident. An unauthorised third party obtained access to a limited amount of personal information for a portion of our customers.” A threat actor supposedly gained access to vital systems after calling in to a Robinhood customer support employee and using social engineering to gain access to data. “Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” Robinhood said in a blog post.

The unauthorised access allowed the cyber criminals to obtain a list of email addresses for about 5 million customers and full names for another group of about 2 million people. For a limited number of people, about 310 in total, the information compromised included their names, date of birth and ZIP code. Furthermore, 10 customers had "more extensive account details revealed", the firm said.

Based on its investigation, Robinhood believes no bank account details, social security numbers or debit card numbers were exposed. Customers have seen no financial loss as a result of the breach, it claimed, adding that the hackers have demanded a ransom payment.

The California-based company has said that it immediately informed law enforcement, but has not said if it paid any ransom to hackers and is investigating the breach with the help of cyber security experts from FireEye / Mandiant.

Robinhood offers a popular mobile app for trading crypto currency, stocks, and more. More than 22 million users have accounts at Robinhood, of which nearly 19 million users actively used the platform during September 2021, according to the company. "As a Safety First company, we owe it to our customers to be transparent and act with integrity... Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do," said Robinhood's CSO Caleb Sima.

The data breach is thought to be the largest suffered by Robinhood, although not the first. In 2020, cyber criminals stole customer funds after infiltrating nearly 2,000 accounts at Robinhood. That time Robinhood said the attack did not arise from a breach of its internal systems but as a result of hackers targeting customers whose email addresses had already been compromised independently of Robinhood.

Sources: Robinhood, DIGIT, The Verge, Newsbreak, ITPro, WSJ, The Record, Computing
