By Annie Massa
Robinhood Markets Inc. said personal information of millions of customers was compromised in a data breach last week and that the culprit demanded a payment.
An “unauthorized party” obtained email addresses of about 5 million people as well as the full names “for a different group of approximately 2 million people,” Robinhood said Monday in a statement.
The Menlo Park, California-based brokerage said it believes no Social Security, bank account or debit-card numbers were exposed during the Nov. 3 incident, nor that customers incurred financial losses.
“After we contained the intrusion, the unauthorized party demanded an extortion payment,” Robinhood said.
The attack hinged on a phone call with a customer service representative, whom the intruder used to gain access to support systems, according to the statement. The trading app said it contained the breach, notified law enforcement and enlisted security firm Mandiant Inc. to investigate the breach.
In a separate episode last year, almost 2,000 Robinhood accounts were compromised in a hacking spree.