Robinhood App's $20 Million Data Breach Settlement: Who Is Eligible for Money?
The stock-trading app lacks "almost universal security measures," according to a class action suit.
Dan AveryFormer Writer
Dan was a writer on CNET's How-To and Thought Leadership teams. His byline has appeared in The New York Times, Newsweek, NBC News, Architectural Digest and elsewhere. He is a crossword junkie and is interested in the intersection of tech and marginalized communities.
ExpertisePersonal finance, government and policy, consumer affairs
If you used the investing app Robinhood, you could qualify for part of a $20 million class action settlement resolving allegations that the investment app's negligence led to personal information being leaked.
Robinhood's cybersecurity system "lacks simple and almost universal security measures used by other broker-dealer online systems, such as verifying changes in bank account links," according to a February 2021 complaint.
If your Robinhood account was accessed by unauthorized users between Jan. 1, 2020, and April 27, 2022, you're eligible to file a claim, Elizabeth Kramer, an attorney for the plaintiffs, told CNET.
Approximately 40,000 customers say their Robinhood accounts have fallen prey to cyberattacks, according to court filings. The multimillion-dollar agreement received preliminary approval in August.
Robinhood deputy general counsel Lucas Moskowitz said the company takes security very seriously.
"We continue to take numerous steps to safeguard accounts, including using hashing algorithms, encryption, two-factor authentication and other account security measures," Moskowitz said in a statement shared with CNET.
Here's what you need to know about the Robinhood settlement, including who is eligible for a check and how much money they could receive.
What is Robinhood accused of in this class action case?
In February 2021, San Francisco law firm Erickson, Kramer and Osborne filed a class action lawsuit against Robinhood on behalf of Siddharth Mehta, Kevin Qian, Michael Furtado and other Robinhood customers who claimed their accounts were hacked.
According to the motion for settlement filed July 1 in the US District Court for the Northern District of California, Robinhood "used substandard security practices and lacked security measures used by other broker-dealer online systems," leading to multiple data breaches.
Who qualifies for a payment in the Robinhood settlement?
Any US resident notified that their Robinhood account was illicitly accessed between Jan. 1, 2020, and April 27, 2022, or who notified Robinhood their accounts were hacked, is considered eligible to file a claim, Kramer asid.
"To put it more simply, this settlement is based on alleged cybersecurity failures by Robinhood that 'left the door unlocked' for hackers over time," she told CNET. "The specific November 2021 event is carved out."
How much could Robinhood customers receive in compensation?
According to the proposed settlement, Robinhood has agreed to pay $19.5 million in damages and $500,000 in fees. US-based customers whose accounts were hacked between Jan. 1, 2020, and April 27, 2022, can file claims for up to $260 per person.
According to Barron's, individual payouts break down as follows: • Up to $100 for out-of-pocket expenses resulting from the breach • Up to $100 in reimbursement for identity theft protection or credit monitoring services • Up to $60 for time spent responding to the issue.
Class members are also eligible for two years of free identity theft protection and credit monitoring.
In addition to the cash payments and protection services, the settlement requires Robinhood to improve security procedures, including:
Supplemental two-factor authentication
Prompting users to update passwords
Proactive monitoring of account takeovers
Cybersecurity awareness campaigns
Real-time voice support for customers
How do I file a claim in the Robinhood settlement?
Notification of the settlement will officially go out on Sept. 13, the same day the settlement website will go live. According to Kramer, the site will include a simple online form for potential class members to complete, as well as a print-out version to mail in.
When will I receive a check?
Preliminary approval for the settlement was given on Aug. 23, 2022. A hearing to assess final approval has been scheduled for May 16, 2023.
Class members would typically receive payment after that, though the process can be slowed considerably by appeals.
Robinhood's rocky road to the present
The Robinhood app has exploded in popularity since its debut in 2013, managing $98 billion in assets by the end of 2021 and reporting 14 million monthly users in June 2022. According to the company, a majority of its users are millennials.
Many services are available for no fee and members' accounts are, on average, significantly smaller than its competitors, according to data from Broker Chooser.
Average account size
But Robinhood's rapid rise has come with controversy and a string of litigation: In February 2021, the company was sued by the family of a 20-year-old trader who killed himself after he incorrectly believed he had racked up approximately $730,000 in losses on the app.
That same year, Robinhood faced several civil suits after it froze GameStop trading following a Reddit campaign to buy up shares of the video-game retailer that caused its stock price to spike.
There have also been several high-profile cybersecurity incidents: In October 2020, Bloomberg reported that approximately 2,000 Robinhood customers' accounts were exposed by hackers.
In the November 2021 attack, the company claimed, a hacker "socially engineered a customer support employee by phone and obtained access to certain customer support systems" in order to extort money. Law enforcement was informed of the extortion attempt, the company maintained, and the leak was contained.
The two rounds combined have eliminated more than 1,000 jobs from the company, The Wall Street Journal reported.
"Last year, we staffed many of our operations functions under the assumption that the heightened retail engagement we had been seeing with the stock and crypto markets in the COVID era would persist into 2022," Robinhood chief executive and co-founder Vlad Tenev said in a blog post.
"In this new environment, we are operating with more staffing than appropriate," Tenev added. "As CEO, I approved and took responsibility for our ambitious staffing trajectory -- this is on me."