Robinhood Trading Platform Data Breach Hits 7M Customers

upstart writes:

Robinhood Trading Platform Data Breach Hits 7M Customers:

The cyberattacker attempted to extort the company after socially engineering a customer service employee to gain access to email addresses and more.

Investor trading app company Robinhood Markets has confirmed a data breach that affects the personal information of about 7 million customers - roughly a third of its user base. A cyberattacker made off with emails and more, which could lead to follow-on attacks for Robinhood customers.

The trading platform, which found itself in the middle of the infamous GameStop stock price run-up in January, acknowledged that the breach was a result of a system compromise that occurred on Nov. 3. The company said that the adversary was able to target an employee to gain access to sensitive company systems. After that, the perpetrator attempted to extort the company, demanding payment in return for not releasing the stolen data.

"The unauthorized party socially engineered a customer-support employee by phone and obtained access to certain customer support systems," Robinhood said Monday in a statement. It added, "After we contained the intrusion, the unauthorized party demanded an extortion payment. We promptly informed law enforcement and are continuing to investigate the incident with the help of Mandiant, a leading outside security firm."

For 5 million of the victims, the cybercrook made off with email addresses. For 2 million of them, the attacker also absconded with full names. Meanwhile, names, birth dates and ZIP codes were stolen for 310 people, and "more extensive account details" were heisted for 10 more, the company said.

Read more of this story at SoylentNews.