(NEXSTAR/WTNH) – Robinhood, a financial-services company that operates a popular brokerage app, this week announced a data breach that affects about seven million of its users to varying degrees.
The company issued a statement on the breach Monday, revealing that an “unauthorized party” obtained the email addresses of approximately five million users. The full names of an additional two million users were also exposed.
Hackers obtained further personal details of a smaller group — approximately 310 people – including full names, dates of birth, and zip codes, according to Robinhood. Ten individuals had even more “extensive” information exposed.
Robinhood does not believe any of its customers’ funds were lost as a result of the breach.
“Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” Robinhood said in its news release.
Connecticut’s Attorney General William Tong (D) has a warning for folks following the breach. The majority of users only had their name and email address stolen, but even with just that information, Tong says these hackers could send you an email pretending to be the company.
“It’s probably best unless you’re 100% sure it’s a genuine email to not respond to that email,” Tong explained. “Make a fresh phone call, or fresh inbound email from your account to say ‘Hey what’s up?’ or ‘Hey, I have a question about my account.’”
Robinhood is reaching out to affected customers. An investigation is ongoing.
The hackers, according to Robinhood, had “socially engineered a customer support employee by phone and obtained access to certain customer support systems.” They then demanded an “extortion payment,” the company says.
Robinhood has advised customers with concerns to visit its online help center.