Online stock trading platform Robinhood announced Monday a hacker obtained the email addresses or names of approximately seven million of its customers. Approximately 310 customers had their personal information exposed as part of the same breach.
The breach occurred Nov. 3, when a hacker “socially engineered a customer support employee by phone and obtained access to certain customer support systems,” Robinhood stated. The hacker then “obtained a list of email addresses for approximately five million people and full names for a different group of approximately two million people,” the company said.
More concerning is the 310 people whose personal information was compromised, including their names, dates of birth, and zip codes. Ten customers had “more extensive account details revealed,” Robinhood disclosed.
“Based on our investigation, the attack has been contained, and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” Robinhood stated.
The company added the hacker demanded an extortion payment. Robinhood said it “promptly informed law enforcement” but did not say whether or not it paid the ransom. It continues to investigate the incident with the help of security firm Mandiant.