7 Million Users Affected In Robinhood Data Breach

Exploit: Phishing, Vishing
Company: Robinhood
Industry: Fintech
Source: https://www.wsj.com/articles/robinhood-hack-exposes-millions-of-customer-names-email-addresses-11636408263

An investigation is underway after a successful vishing (voice phishing) attack was used to penetrate the customer support system for financial services platform Robinhood. After infiltrating the company’s system, threat actors gained access to a customer list exposing varying degrees of PII for an estimated total of seven million users.

Reports later indicated the cybercriminals then demanded a ransom payment to keep the data safe. While the extortion amount has not been revealed, it appears that Robinhood has yet to send any payment. The company has turned to law enforcement and a third-party cyber security to investigate further.

“As a Safety-First company, we owe it to our customers to be transparent and act with integrity,” CSO Caleb Sima continued, “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”