Financial Services Platform Loses Millions Of Customers' Data

Uploaded on 2021-11-15 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

Popular US equities and crypto currency trading platform Robinhood Markets has revealed that it suffered a major data breach. Hackers gained access to the personal detailss of 7 million customers and are now have demanding a ransom payment.

An unauthorised third party “socially engineered a customer support employee by phone,” Robinhood said, and was able to access its customer support systems. 

“Late in the evening of November 3, we experienced a data security incident. An unauthorised third party obtained access to a limited amount of personal information for a portion of our customers.  A threat actor supposedly gained access to vital systems after calling in to a Robinhood customer support employee and using social engineering to gain access to data. “Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident, “ the Robinhood said in a blog.

The unauthorised access allowed the cyber criminals to obtain a list of email addresses for about 5 million customers and full names for another group of about 2 million people. For a limited number of people, about 310 in total, the information compromised included their names, date of birth and ZIP code. Furthermore, 10 customers had "more extensive account details revealed", the firm said.

Based on its investigation, Robinhood believes no bank account details, social security numbers or debit card numbers were exposed. Customers have seen no financial loss as a result of the breach, it claimed adding that the hackers have demanded an ransome payment.

The California-based company has said that it immediately informed law enforcement, but has not said if it paid any ransom to hackers and is investigating the breach with the help of cyber security experts from FireEye / Mandiant.

Robinhood offers a popular mobile app for trading crypto currency, stocks, and more. More than 22 million users have accounts at Robinhood, of which nearly 19 million users actively used the platform during September 2021, according to the company. "As a Safety First company, we owe it to our customers to be transparent and act with integrity...  Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do." Robinhood's said CSO Caleb Sima.

The data breach is thought to be the largest suffered by Robinhood, although not the first. In 2020, cyber criminals stole customer funds after infiltrating nearly 2,000 accounts at Robinhood. That time Robinhood said the attack did not arise from a beach of its internal systems but as a result of hackers targeting  customers whose email addresses had already been compromised independently of Robinhood. 

Robinhood:        DIGIT:   The Verge:       Newsbreak:     ITPro:     WSJ:      The Record:      Computing

You Might Also Read: 

Reputational Damage & The Human Factor In Social Media:

 

« FBI Email Hackers Send Thousands Of Fake Messages
Leading the Way in Cyber Security Skills »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Secure India

Secure India

Secure India provides Forensic Solutions that help Government and Business in dealing with prevention and resolution of Cyber related threats.

Procilon Group

Procilon Group

Procilon Group specialize in the development of cryptographic software as well as strategic advice on information security and data protection.

Blackbird.AI

Blackbird.AI

Blackbird.AI provides an intelligence and early-warning system to help users detect disinformation and take action against threats.

Cloud Box Technologies

Cloud Box Technologies

Cloud Box Technologies is one of the premier IT Infrastructure Solution providers in the Middle East.

FourthRev

FourthRev

FourthRev is an education-technology start-up with a mission to solve the skills crisis of the Fourth Industrial Revolution.

BaXian Group

BaXian Group

BaXian AG is an international consulting company specializing in IT security, data analytics, risk management and compliance.

CrossCountry Consulting

CrossCountry Consulting

CrossCountry Consulting is a trusted business advisory firm that provides customized finance, accounting, human capital management, risk, operations and technology consulting services.

Factmata

Factmata

Factmata is an social and news media monitoring and analytics product that uses AI to identify and track narratives online, highlighting those most likely to cause brand harm or misinform the public.

Cymune

Cymune

At Cymune we help businesses to fight against cybercrime, protect patented data and diminish security risks.

The Security Bulldog

The Security Bulldog

The Security Bulldog distills and assimilates open source cyber intelligence to enable security teams to understand threats more quickly, make better decisions, and accelerate detection and response.

SYN Ventures

SYN Ventures

SYN Ventures invests in disruptive, transformational solutions that reduce technology risk.

Reveald

Reveald

Reveald is making Exposure Management a reality to solve the biggest challenges in cybersecurity with a trailblazing ‘offense to defense’ approach that gives the advantage back to the business.

Cyabra

Cyabra

Cyabra is leading the fight against disinformation. Our AI shields companies and the public sector by uncovering malicious actors, bot networks, and GenAI content.

Couno

Couno

Couno is a trusted provider of IT support services throughout the UK and Europe.

SeQure

SeQure

SeQure is a novel cybersecurity and data observability company that offers Fortune 100 and Governments a zero-trust service to continuously monitor large network environments.

DOT Security

DOT Security

DOT Security provides advanced security services for businesses of all sizes.