The trading platform Robinhood announced it had experienced a data breach on November 3rd that exposed the information belonging to millions of customers. While most affected customers only had one or two data points compromised, several customers had a breadth of sensitive information impacted by the attack.
What to Know About the Breach and What Information is at Risk:
Hackers gained access to the platform's customer support system after posing as a customer support employee by phone.
Email addresses of around five million customers and the full names of two million people were compromised in the attack.
Around 310 people had their names, dates of birth and zip codes compromised, while an additional 10 customers had "more extensive account details revealed."
After the hackers demanded an extortion payment, Robinhood alerted law enforcement of the breach. The trading platform has also started to make "appropriate disclosures to affected people."
What Data Was Not Exposed:
Robinhood said in a statement no Social Security Numbers, bank account numbers or debit card numbers were exposed in the breach and that "there has been no financial loss to any customers as a result of the incident."
What To Do About This?
If you have been notified by Robinhood about the breach, or are simply one of their customers, here are some steps you can take:
Reset your Robinhood password out of an abundance of caution, even though passwords were not among the information stolen for most individuals. If you were using that password, or a variation of the password, on any other online accounts, we advise changing those passwords to something unique and different.
Watch out for email scams, and contact us or forward suspicious emails to our team so we can let you know what to do.
As always, if you have any questions, please let us know by emailing us at ask@BlackCloak.io. We are happy to help!
