[BreachExchange] Robinhood Notifies Public of Security Breach, 7 Million Individuals Impacted

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Tue Nov 9 09:08:02 EST 2021 

https://www.crowdfundinsider.com/2021/11/182681-robinhood-notifies-public-of-security-breach-7-million-individuals-impacted/

Robinhood (NASDAQ:HOOD) has revealed a security breach in its platform that
apparently took place on November 3, 2021. An attempt at extortion took
place following the theft of the information.

According to a blog post, an “unauthorized third party obtained access to a
limited amount of personal information for a portion of our customers.”

As it stands today, Robinhood believes the attack has been “contained” and
no Social Security numbers, bank account numbers, or debit card numbers
have been stolen.

Additionally, Robinhood claims there has been no financial loss affiliated
with the hack.

To quote the blog post:

“The unauthorized party socially engineered a customer support employee by
phone and obtained access to certain customer support systems. At this
time, we understand that the unauthorized party obtained a list of email
addresses for approximately five million people, and full names for a
different group of approximately two million people. We also believe that
for a more limited number of people—approximately 310 in total—additional
personal information, including name, date of birth, and zip code, was
exposed, with a subset of approximately 10 customers having more extensive
account details revealed. We are in the process of making appropriate
disclosures to affected people.”

Robinhood has enlisted Mandiant (NASDAQ: MNDT), an outside security firm,
to assist in the recovery. Mandiant is a firm that offers dynamic cyber
defense and response services including extortion attempts.

Caleb Sima, Robinhood Chief Security Officer, stated:

“As a Safety First company, we owe it to our customers to be transparent
and act with integrity. Following a diligent review, putting the entire
Robinhood community on notice of this incident now is the right thing to
do.”

The news was released after regular market hours. In after-hours trading,
Robinhood shares were trading slightly lower.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211109/6cc056a7/attachment.html>

More information about the BreachExchange mailing list