Robinhood breach exposes data on millions

A lot of data: According to a blog published on Robinhood’s website, the breach, discovered on Nov. 3, allowed the perpetrator to steal the email addresses of around 5 million Robinhood users, and the full names of a further 2 million individuals.

Around 310 individuals had their names, birth dates, and ZIP codes exposed as part of the breach, while 10 customers had “more extensive account details” revealed, according to Robinhood.

Robinhood stressed that no Social Security numbers, bank account numbers or credit card numbers were exposed in the breach, and that no customer had experienced a financial loss as a result.

Investigation underway: The company has reached out to law enforcement, disclosed the breach in a filing with the Securities and Exchange Commission, and has engaged the services of cybersecurity company Mandiant to help investigate the breach.

“Robinhood quickly contained the security incident and conducted a thorough investigation to assess the impact,” Charles Carmakal, senior vice president and chief technology officer of Mandiant, told The Hill in a statement. “Mandiant has recently observed this threat actor in a limited number of security incidents and we expect they will continue to target and extort other organizations over the next several months.”