• by Ray Schultz , November 10, 2021

Financial services brand Robinhood suffered a data breach on November 3 in which 5 million email addresses were exposed.

The perpetrator demanded an extortion payment just as the company had contained the intrusion. Robinhood refused to pay. 

The company has contacted law enforcement and is investigating the incident with an outside security firm -- Mandiant.  

In addition to the email addresses, the threat actors also obtained personal details of roughly 310 people, including name, birth date and zip code. And 10 customers had more extensive account details revealed, the company says in a blog post. 

All affected individuals were notified. 

However, Social Security back account and debit card numbers remained secure. There has been no financial loss to any customers, Robinhood says. 

“The unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems," the company says.