Online brokerage company Robinhood revealed Monday that nearly a third of its more than 22 million customers had their personal information hacked – including 310 users whose dates of birth, emails and names were stolen.
The Silicon Valley upstart said hackers gained access to five million customer email addresses and the full names of an additional two million customers in a breach on November 3.
In a blog posted after trading closed Monday, Robinhood claimed that an ‘unauthorized party’ had demanded a ransom.
The company was able to patch the breach and assured its hacked customers that social security, bank account, and debit card numbers were not exposed and none of them had funds taken from their accounts.
Online brokerage app Robinhood announced on Monday that seven million of their users had their personal information breached – including 310 people whose dates of birth, email and names were exposed
The company said in a statement that an ‘unauthorized party’ had gained access to the information and even demanded an extortion payment after they contained the intrusion
The statement claimed that the unauthorized party had obtained access to the information by manipulating a customer support employee on the phone.
A limited number of customers – 310 people – had their names, dates of birth and zip codes exposed, with an additional ten customers having further details breached.
The company, based in Menlo Park, Calif., contacted law enforcement, which is working with security firm Mandiant to investigate the incident.
‘As a Safety First company, we owe it to our customers to be transparent and act with integrity,’ Robinhood Chief Security Officer Caleb Sima said in the company statement.
‘Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.’
Robinhood Chief Security Officer Caleb Sima
Robinhood’s shares dipped three percent on Monday following the announcement
The company has more than 22 million customers with funded accounts, with 19 million active since September.
Since the after-hours announcement, Robinhood’s shares dropped three percent to 36.84.
This breach is not the first time that Robinhood has dealt with security issues.
In October 2020, hackers stole funds from nearly 2,000 users after gaining access to their accounts.
Robinhood claimed that particular breach was not due to a hack in the system.
They also said that in that incident that a ‘limited’ number of their customers were affected because the email addresses used for their accounts had been exposed outside of the company’s app.
Customers launched complaints that there was a lack of support service because there was no one to call during the crisis.
‘We fully understand potential fraudulent or suspicious activity in a financial account can cause concern and we always respond to customers reporting fraudulent or suspicious activity and work as quickly as possible to complete our investigation, resolve any account issues and process any refund,’ a Robinhood spokesperson had said in a previous statement.
Robinhood was launched as a free stock trading app in 2013 by Vlad Tenev and Baiju Bhatt to allow users to easily load cash and buy and sell stocks and options.
Robinhood creators Vlad Tenev (left) and Baiju Bhatt (right) founded the company in 2013
During the pandemic, the app had added about 13 million users, with the median age range being 31, as it was found to be easy and accessible for young and upcoming investors.
Despite the company’s rising success, it also faced criticism for allowing young, inexperienced users to trade on the app.
Nebraska college student Alexander E. Kearns, 20, committed suicide in June 2020 after discovering a negative balance of over $730,000 in his account.
The app also faced controversy after freezing trade on GameStop during an internet-fueled frenzy over the stock in January, which prompted several lawsuits to be filed against the company.
Robinhood was fined $57 million in late June by the Financial Industry Regulatory Authority for technical failures and ordered to pay $13 million in restitution to thousands of customers.