Robinhood Discloses Security Breach and Extortion Attempt
Robinhood Markets disclosed a security breach on Monday affecting millions of customers, and said that the infiltrator had demanded an “extortion payment.” Most of the people affected appear to have had only their email addresses revealed, but a limited number had substantial personal information stolen.
The online broker said that whoever committed the breach “socially engineered a customer support employee by phone and obtained access to certain customer support systems.” Social engineering in this case implies that the infiltrator tricked the support employee into giving up information.
The company made the disclosure just after trading closed for the day. Robinhood (ticker: HOOD) shares fell 2.9% in after-hours trading after rising 2.6% during the day.
Robinhood shares have recovered somewhat in the past few days after trading lower amid weak customer growth and earnings results. The stock is now trading right around where it made its debut in July. In recent days, investors have been speculating about Robinhood’s plans for its crypto platform, including whether it will list the meme coin Shiba Inu.
Robinhood said in a securities filing and a blog post that whoever breached its systems had gotten a list of email addresses for about three million customers, and a list of the full names of two million others.
There were roughly 310 people who had more information compromised, such as their birth dates, and “approximately 10” who had even more extensive information stolen. After the company contained the breach, the infiltrator demanded an extortion payment, Robinhood said. It is working with law enforcement and an outside security firm.
This isn’t the first time Robinhood’s security practices have come under scrutiny. The SEC’s Division of Examinations “identified deficiencies” in Robinhood’s security practices in a prior review related to account takeovers and identity theft in connection with opening new accounts, the company said in a securities filing before its initial public offering. Robinhood said it responded to those deficiencies.
Write to Avi Salzman at [email protected]