Robinhood Markets Inc. said Monday afternoon that data from customers of its mobile trading app was accessed in a breach last week, and shares declined in late trading. In a post on the company’s blog, Robinhood
disclosed that a customer-support employee was tricked into giving access to systems late on Nov. 3. The hacker was then able to access a list of about 5 million email addresses as well as full names for about 2 million customers, with a smaller subset of customers — 310, according to Robinhood — potentially having more data at risk.
The company said that no social security numbers nor payment information was accessed, and no customers had suffered financial losses as a result. Robinhood’s blog stated that the hackers sought an extortion payment after the intrusion, but did not say if a ransom was paid. The company said it had informed law enforcement and called in cybersecurity company Mandiant Inc.
to help investigate. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do,” Robinhood Chief Security Officer Caleb Sima said in the post. Robinhood is in the process of informing affected customers directly, the company disclosed. The company directed customers to the “Account Security” portion of its “Help Center” for more information on keeping personal data secure. Robinhood shares declined about 3% in after-hours trading, after closing with a 2.6% gain at $37.98.