Robinhood has announced that it experienced a data-security breach that left approximately seven million customers exposed on November 3. It began when an unauthorized third party convinced a customer-support employee to make certain customer-support systems accessible, which allowed the bad actor to obtain a list of email addresses for five million customers and the full names of another group of two million customers.
A different group of approximately 310 people had additional personal information exposed, including name, date of birth and zip code, with 10 in that group having even more account details leaked.
Once Robinhood put a stop to the attack, the unauthorized party demanded money; the company informed law enforcement and is investigating the incident with the outside security firm Mandiant.
“As a Safety First company, we owe it to our customers to be transparent and act with integrity,” said Robinhood Chief Security Officer Caleb Sima. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
Robinhood has also said it’s in the process of contacting its affected customers to inform them of the breach.
An identity thief uses personal information to commit fraud — applying for credit, filing taxes or getting medical services. Being a victim of identity theft can not only negatively impact your credit status, but it can also cost you a lot of time and money to clear your name.
If you suspect your data might have been leaked in the Robinhood incident, you should take steps now to mitigate the degree of risk — changing all of your online passwords is a good place to start.
The U.S. Government also advises people to review their credit-card and bank-account statements for unauthorized transactions and examine their credit report to ensure it doesn’t include accounts they haven’t opened.