News
Social Engineering Attack Hits Robinhood, PII of Millions Breached 
BlogBreachesResourcesNews
Social Engineering Attack Hits Robinhood, PII of Millions Breached 

Social Engineering Attack Hits Robinhood, PII of Millions Breached 

Catherine Chipeta
Catherine Chipeta
November 15, 2021

US trading platform Robinhood is at the center of a data breach affecting up to 7 million of the popular investing app’s users after falling victim to a social engineering attack on 3rd November 2021.

The Timeline

  • November 3rd, 2021: An unauthorized third-party undertook a social engineering attack via telephone communication with Robinhood customer support, gaining access to some customer support systems.
  • November 8th, 2021: Robinhood releases a statement to confirm and detail the occurrence of a ‘data security incident’ and the remediation steps being taken as per the company’s incident response plan.

The Damage

The threat actor is reported to have compromised varying amounts and types of sensitive data during the security incident, including:

  • The email addresses of approximately five million people
  • Full names of approximately two million separate people
  • Additional personally identifiable information (PII) of approximately 310 customers - name, date of birth, zipcode
  • Further PII of approximately ten customers

Other sensitive data such as Social Security numbers, bank account numbers, and debit card numbers are not believed to have been exposed. Customers have not experienced any financial losses to date due to the security incident. 

The Outcome

The attack’s motives appear to be financial, as the threat actor is reported to have demanded extortion payment following Robinhood’s containment of the breach.

Robinhood took the following actions following the attack:

  • Contacting law enforcement
  • Engaging an external security firm
  • Alerting those affected by the malicious disclosure

The growing number of social engineering attacks highlights the importance of cybersecurity awareness training programs for staff, as mitigating human errors proves an effective attack surface management technique.

How secure is Robinhood?

Robinhood Markets, Inc. is an American financial services company headquartered in Menlo Park, California. The company offers a mobile app and website that offer people the ability to invest in stocks, ETFs, and options through Robinhood Financial and crypto trading through Robinhood Crypto. Robinhood operates a website and mobile apps for iPhone, Apple Watch, and Android
  • Check icon
    View our free preliminary report on Robinhood’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
View Robinhood's score
View score
https://robinhood.com
Security ratings
Abstract shape
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.

Latest news

Stay up-to-date with the latest news in cybersecurity.
Supply Chain Ransomware Attack Impacts Semiconductor Manufacturer

Supply Chain Ransomware Attack Impacts Semiconductor Manufacturer

One of the world's largest manufacturers of semiconductors has attributed a $250 million loss in its second-quarter sales report to a supply chain attack.
Edward Kost
Edward Kost
February 27, 2023
Optus Data Breach Exposes Up to 9.8 Million Customers' Details

Optus Data Breach Exposes Up to 9.8 Million Customers' Details

Cybercriminals believed to be working for a criminal or state-sponsored operation breached Optus' internal network, compromising personal information impacting up to 9.8 million customers.
Edward Kost
Edward Kost
September 26, 2022
Medibank Data Breach Impacts 9.7 Million Customers

Medibank Data Breach Impacts 9.7 Million Customers

Medibank suffered a data breach that compromised 9.7 million current and former customers.
Edward Kost
Edward Kost
November 11, 2022
OpenWRT breached through admin account

OpenWRT breached through admin account

OpenWRT, an open source firmware solution for home routers, was breached exposing the email addresses of many of its forum users.
Edward Kost
Edward Kost
January 16, 2021
Australian Real Estate Website Hacked 

Australian Real Estate Website Hacked 

Domain, one of Australia’s leading property market platforms, has fallen victim to a cyber attack
Edward Kost
Edward Kost
May 24, 2021
NT Government forced offline by compromised third-party vendor

NT Government forced offline by compromised third-party vendor

The Northern Territory Government's third-party IT system supply has fallen victim to a ransomware attack.
Edward Kost
Edward Kost
January 11, 2021
View all news
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Contact sales
Free demo
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating
UpGuard logo
UpGuard is a complete third-party risk and attack surface management platform.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Contact sales
Free trial
Products
Tools
Company
Insights
Products
Compare
Solutions
Company
Insights
© UpGuard, Inc.
Research GuidelinesPlatform Terms & ConditionsWebsite Terms & ConditionsPrivacyCookies