Financial Services Platform Loses Millions Of Customers' Data

Uploaded on 2021-11-15 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

Popular US equities and crypto currency trading platform Robinhood Markets has revealed that it suffered a major data breach. Hackers gained access to the personal detailss of 7 million customers and are now have demanding a ransom payment.

An unauthorised third party “socially engineered a customer support employee by phone,” Robinhood said, and was able to access its customer support systems. 

“Late in the evening of November 3, we experienced a data security incident. An unauthorised third party obtained access to a limited amount of personal information for a portion of our customers.  A threat actor supposedly gained access to vital systems after calling in to a Robinhood customer support employee and using social engineering to gain access to data. “Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident, “ the Robinhood said in a blog.

The unauthorised access allowed the cyber criminals to obtain a list of email addresses for about 5 million customers and full names for another group of about 2 million people. For a limited number of people, about 310 in total, the information compromised included their names, date of birth and ZIP code. Furthermore, 10 customers had "more extensive account details revealed", the firm said.

Based on its investigation, Robinhood believes no bank account details, social security numbers or debit card numbers were exposed. Customers have seen no financial loss as a result of the breach, it claimed adding that the hackers have demanded an ransome payment.

The California-based company has said that it immediately informed law enforcement, but has not said if it paid any ransom to hackers and is investigating the breach with the help of cyber security experts from FireEye / Mandiant.

Robinhood offers a popular mobile app for trading crypto currency, stocks, and more. More than 22 million users have accounts at Robinhood, of which nearly 19 million users actively used the platform during September 2021, according to the company. "As a Safety First company, we owe it to our customers to be transparent and act with integrity...  Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do." Robinhood's said CSO Caleb Sima.

The data breach is thought to be the largest suffered by Robinhood, although not the first. In 2020, cyber criminals stole customer funds after infiltrating nearly 2,000 accounts at Robinhood. That time Robinhood said the attack did not arise from a beach of its internal systems but as a result of hackers targeting  customers whose email addresses had already been compromised independently of Robinhood. 

Robinhood:        DIGIT:   The Verge:       Newsbreak:     ITPro:     WSJ:      The Record:      Computing

You Might Also Read: 

Reputational Damage & The Human Factor In Social Media:

 

« FBI Email Hackers Send Thousands Of Fake Messages
Leading the Way in Cyber Security Skills »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYBER 1

CYBER 1

CYBER 1 provides cyber security solutions to customers wanting to be resilient against new and existing threats.

Proact IT Group

Proact IT Group

Proact is Europe's leading independent data centre and Cloud services enabler. We deliver flexible, accessible and secure IT solutions and services.

ClearDATA

ClearDATA

The ClearDATA Managed Cloud protects sensitive healthcare data using purpose-built DevOps automation, compliance and security safeguards, and healthcare expertise.

Infowhiz solutions

Infowhiz solutions

Infowhiz provides solutions for backup/disaster recovery and network security.

HvS Consulting

HvS Consulting

HvS Consulting is a specialist information security company offering a full range of services including IT security architecture, ISO 27001 audits, Pentesting, Security monitoring and Training.

Sysdig

Sysdig

With Sysdig teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance.

Cyber Threat Alliance

Cyber Threat Alliance

CTA is working to improve cybersecurity of our digital ecosystem by enabling near real-time cyber threat information sharing among companies and organizations in the cybersecurity field.

Slice

Slice

Slice offer subscription based Cyber Insurance for small businesses.

International Association of Security Awareness Professionals (IASAP)

International Association of Security Awareness Professionals (IASAP)

IASAP provides a members-only virtual sharing platform where security awareness professionals engage in a lively, year-round exchange of information and ideas.

Cygenta

Cygenta

Cygenta brings a new approach to cybersecurity. We understand that true security means having digital, human and physical security working in harmony.

TransUnion

TransUnion

TransUnion is a global information and insights company that makes it possible for businesses and consumers to transact with confidence.

Hub71

Hub71

Hub71 is a world-class tech ecosystem opening doors to global opportunities from an optimal business environment for entrepreneurial-minded innovators.

Akto

Akto

Akto, the plug & play API security platform. Discover your APIs, run tests and find business logic vulnerabilities at ludicrous speed.

Collabera Digital

Collabera Digital

Collabera Digital engineer the next generation of solutions that power tech-forward organizations and create an impact on people and communities.

CyberSG TIG Centre

CyberSG TIG Centre

CyberSG TIG Centre aims to propel Singapore as the world’s premier cybersecurity innovation hub for economic growth.

Luxembourg House of Cybersecurity (LHC)

Luxembourg House of Cybersecurity (LHC)

Luxembourg House of Cybersecurity (formerly SecurityMadeIn.lu) is the backbone of leading-edge cyber resilience in Luxembourg.