My TechDecisions

IT Infrastructure, Network Security

Robinhood Data Breach: Hacker Tricked Customer Support Employee By Phone

Stock trading platform, Robinhood announced an attacker socially engineered an employee to gain access to customer support systems.

Leave a Comment

Robinhood security breach
Wirestock/stock.adobe.com

Stock trading platform Robinhood announced that certain customer support systems were hacked in early November. The unauthorized party was able to gain access using social engineering through a customer support employee by phone. The hacker was able to obtain access to a list of email addresses of about five million people, and full names of a different group of two million people.

In a statement, the company reported around 310 customers’ personal information, such as name, date of birth, and zip codes were exposed with a subset of around ten customers having more extensive account details revealed, although it did not disclose what the details were.

Following the breach, the unauthorized party demanded an extortion payment. Robinhood informed law enforcement and is continuing to investigate the incident with an outsourced security firm. The company did not disclose how much the hackers demanded.

“As a Safety First company, we owe it to our customers to be transparent and act with integrity,” said Robinhood’s Chief Security Officer Caleb Sima, in a statement. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”

Robinhood says it is in the process of making disclosures to those affected, and added that no social security numbers, bank account numbers, or debit card numbers were exposed. According to the company, there has been no financial loss to any customers as a result of the incident.

To avoid being a victim of an attack like this, the Cyber Security Infrastructure Security Agency (CISA) recommends being suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information.

If an unknown individual claims to be from a legitimate organization, CISA recommends verifying his or her identity directly with the company and to never provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Reader Interactions

Leave a Reply

Your email address will not be published.

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Download TechDecisions' Blueprint Series report on Security Awareness now!
Blueprint Series: Why Your Security Awareness Program is Probably Falling Short

Learn about the evolution of phishing attacks and best practices for security awareness programs to ensure your organization is properly prepared t...

Workplace Collaboration Tools for Corporate Spaces
Workplace Collaboration Tools for Corporate Spaces

From lobbies and shared spaces to conference rooms and multipurpose facilities, you need high-performing AV technology to effectively share informa...

ChatGPT, generative AI, enterprise, workplace
Blueprint Series: ChatGPT and Generative AI in the Workplace

This latest release of the TechDecisions Blueprint Series explores the new phenomenon of tools such as ChatGPT and how IT leaders should go about d...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ