You are here: Home - Investing - Experienced Investor - News -

Robinhood trading app hit by data breach

Written by: Emma Lunn
US share-trading app Robinhood has been hit by a security breach that has exposed the names or email addresses of more than seven million people.

In a blog post, the company said it experienced a ‘data security incident’ on the evening of 3 November when an unauthorised third party obtained access to a limited amount of personal information for some of the platform’s customers.

The platform said the attack had been ‘contained’ and it didn’t believe that any Social Security numbers, bank account numbers, or debit card numbers were exposed to the hackers.

However, a list of email addresses for about five million people, and full names for a different group of approximately two million people were accessed after the unauthorised party ‘socially engineered’ a customer support employee by phone and obtained access to customer support systems.

Robinhood admitted that for about 310 people, additional personal information, including name, date of birth, and postcode, were exposed, with about 10 customers having more extensive account details revealed. The platform said it was in the process of contacting the affected people.

Robinhood said it had rejected a demand for payment and reported the attack to law enforcement agencies and hired a cyber security firm to deal with the incident. Such ransom demands are not uncommon in cyber-attacks and usually amount to a promise not to sell on the compromised data or leak it for free online.

Chris Hauk, consumer privacy champion at Pixel Privacy, said: “I have long held that education is perhaps one of the most important tools a company can use to avoid data breaches like this. Socially engineered attacks like the Robinhood breach can possibly be avoided by educating employees and executives on the methods used by the bad actors of the world.”

Erich Kron, security awareness advocate at KnowBe4, said: “Social engineering continues to play a significant role in spreading malware and ransomware as well as in breaches such as this one. The bad actors behind these attacks are often highly-skilled and very convincing when they get a potential victim on the line.

“Unfortunately, technology is not good at stopping these attacks, so the best defence against these attempts is education and training. Employees should be trained to spot and report social engineering and phishing attacks using short, focused training modules and organisations should have a policy telling employees how to report these attacks.”

Related Posts

There are 0 Comment(s)

If you wish to comment without signing in, click your cursor in the top box and tick the 'Sign in as a guest' box at the bottom.

The savings accounts paying the most interest

It’s time to get your finances in shape, and moving your cash savings to a higher paying deal is a good plac...

Everything you need to know about being furloughed

Few people had heard of ‘furlough’ before March 2020, but the coronavirus pandemic thrust the idea of bein...

The experts’ guide to sorting out your personal finances in 2021

From opting to ‘low spend’ months to imposing your own ‘cooling-off period’, industry experts reveal t...

What will happen if rates change

How your finances will be impacted by a rise in interest rates.

Regular Savings Calculator

Small regular contributions can build up nicely over time.

Online Savings Calculator

Work out how your online savings can build over time.

Having a baby and your finances: seven top tips

We’re guessing the Duchess of Cambridge won’t be fretting about maternity pay or whether she’ll still be...

Protecting family wealth: 10 tips for cutting inheritance tax

Inheritance tax - sometimes known as 'death tax' - can cause even more heartache for bereaved families. But th...

Travel insurance: Five tips to ensure a successful claim

Ahead of your summer holiday, it’s important to make sure you have the right level of travel cover or you co...

Money Tips of the Week

Privacy Preference Center