Robinhood Data Breach Leaves Millions Potentially Vulnerable
Mandiant is helping with Robinhood's investigation of the data breach.
Robinhood, the online stock trading platform, says about 7 million customers’ personal information was compromised in a data breach last week.
That represents about one-third of Robinhood’s customers. The intruder obtained email addresses of about 5 million people. They also got full names for a separate group of about 2 million.
Robinhood confirmed the data breach occurred on Nov. 3.
In a blog, Robinhood said the unauthorized party socially engineered a customer support employee by phone and got access to certain customer support systems.
Additional personal information, including name, date of birth and zip code were exposed for 310 people. In addition, a subset of about 10 customers had more extensive account details revealed.
“We are in the process of making appropriate disclosures to affected people,” Robinhood said. “After we contained the intrusion, the unauthorized party demanded an extortion payment. We promptly informed law enforcement and are continuing to investigate the incident with the help of Mandiant, a leading outside security firm.”
Mandiant Helping Out
Mandiant confirmed it is working with Robinhood. It sent us this statement from Charles Carmakal, its senior vice president and CTO:
“Robinhood quickly contained the security incident and conducted a thorough investigation to assess the impact. Mandiant has recently observed this threat actor in a limited number of security incidents and we expect they will continue to target and extort other organizations over the next several months.”
Caleb Sima is Robinhood‘s chief security officer.
“As a safety-first company, we owe it to our customers to be transparent and act with integrity,” he said. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
Scroll through our slideshow above for more important details on the Robinhood data breach.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
Read more about:
MSPsAbout the Author
You May Also Like