Online stock trading platform Robinhood on Monday announced that an unauthorized third party gained access to its systems, stealing sensitive user data, exposing the email addresses of five million users.
In addition to the user emails, the full names of around two million users were exposed in the November 3 data breach, the company said in a blog post. Approximately 310 people saw more sensitive information exposed, including names, dates of birth, and zip codes. More extensive account details were revealed for a subset of that group.
The stock trading platform says it believes that no Social Security numbers, bank account numbers or debit card numbers were exposed to the intruder, The company says the breach did not result in financial loss for its customers. Robinhood is currently informing customers impacted by the breach and is continuing to investigate the incident.
“As a Safety First company, we owe it to our customers to be transparent and act with integrity,” said Robinhood Chief Security Officer Caleb Sima. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
The Wall Street Journal reports that the bad actors gained access to Robinhood’s customer support systems by impersonating an authorized party to an employee by phone.