Trading platform Robinhood experienced a data breach which resulted in a leak of its confidential documents and customer details. According to them, an unauthorized third party obtained access to limited personal details of its customers.
News of the data security breach pushed the company's stock price down by 3.21% for a $36.26 market close.
The data breach
occurred on November 3 through an attack type called social engineering which is a targeted and convincing fraud intended to trick an employee into disclosing login details or other sensitive information. The emails of around five million Robinhood users were compromised, as well as the full names of an additional two million. Based on an investigation, the attack was limited and no social security numbers, bank account numbers, or debit card numbers were exposed. Customers did not suffer any financial loss due to the incident.
What data was exposed?
Robinhood revealed that a much smaller group of 310 people had information that was more sensitive leaked. This information included names, dates of birth and US postal codes
Robinhood believes that even though more sensitive information leaked for these customers, their social security numbers
and financial information were not leaked.
Robinhood rejected paying the ransom the hackers demanded and reported the theft to the authorities.
What is Robinhood saying?
Robinhood said it had notified law enforcement agencies and hired an external cyber security firm to help deal with the incident, instead of complying with what it called extortion.
“As a Safety First company, we owe it to our customers to be transparent and act with integrity,”
said Robinhood Chief Security Officer Caleb Sima.
“Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
The US and cybercrime
The Identity Theft Resource Center (ITRC), a nonprofit organization established to support identity crime victims, recently released its findings on U.S. data breach in the third quarter of 2021, and the results point to a significant increase in cybercrime.
, malware, password attacks, rogue foreign attacks and espionage are among the cyber threats the US is constantly striving to detect as cybercriminals become more sophisticated.
According to the data breach analysis, the number of publicly reported data breaches in the United States decreased by nine percent in the third quarter of 2021 (446 breaches) compared to the second quarter of 2021 (491 breaches). However, the number of data breaches by 30 September 2021 has exceeded the number of incidents in 2020 by 17%, with 1,291 breaches in 2021 compared to 1,108 breaches in 2020.
Banks and other financial technology companies
are prime targets for cybercriminals, as victims of cybercrime can be exposed by doing something as innocuous as online shopping or online banking.