Robinhood Markets released on Monday afternoon that an unauthorized party gained access to personal data for almost one-quarter of its 20 million users. It was the most severe security breach for the popular online brokerage.
Robinhood wrote a blog posting late Monday afternoon saying that an unknown third party “socially engineer” a customer support representative by phone on November 3 and gained access to customer services systems.
The Menlo Park, Calif.-based trading business did not offer further details on how the intruder compromised its customer support staff. However, the company stated it believed the person obtained an email address list for about 5 million people and the full names of approximately 2 million people.
About 310 people had additional personal information–including names, dates of birth, and zip codes–exposed in the breach, while about ten customers had “more extensive account details revealed,” Robinhood said.
Robinhood did not immediately respond to Forbes request for comment. The brokerage said that an unauthorized party caused the intrusion and had “promptly” informed law enforcers about the incident.
Robinhood shares fell as much as 3.3% to $37 after-hours trading. This was a reverse of Monday’s 2.6% increase.
The Wednesday security breach that led to the theft of customer funds was one of the biggest ever for Robinhood, but it’s not the only one. According to reports, hackers infiltrated almost 2,000 accounts and stole customer funds last October. According to a spokesperson, the cybercriminals targeted customers whose personal email addresses were compromised beyond Robinhood. This breach did not result from an internal system breach.
