Robinhood notified customers via email of a customer data breach that occurred on November 3, 2021. According to Robinhood’s investigation, the breach exposed:
- Email addresses for 5 million users
- Real names for 2 million users
- Name, date of birth, and zip code for approximately 310 users
- Extensive personal data for approximately 10 users
The threat actor in this incident socially engineered a customer support employee by phone and obtained access to certain customer support systems. Robinhood stated that due to this method of access, it does not believe at this time that credit cards, bank account numbers, or social security numbers were exposed.