If you used the investing app Robinhood, you could qualify for part of a $20 million class action settlement resolving allegations that the investment app's negligence led to personal information being leaked.
Robinhood's cybersecurity system "lacks simple and almost universal security measures used by other broker-dealer online systems, such as verifying changes in bank account links," according to a February 2021 complaint.
If your Robinhood account was accessed by unauthorized users between Jan. 1, 2020, and April 27, 2022, you're eligible to file a claim, Elizabeth Kramer, an attorney for the plaintiffs, told CNET.
Approximately 40,000 customers say their Robinhood accounts have fallen prey to cyberattacks, according to court filings. The multimillion-dollar agreement received preliminary approval in August.
Robinhood deputy general counsel Lucas Moskowitz said the company takes security very seriously.
"We continue to take numerous steps to safeguard accounts, including using hashing algorithms, encryption, two-factor authentication and other account security measures," Moskowitz said in a statement shared with CNET.
Here's what you need to know about the Robinhood settlement, including who is eligible for a check and how much money they could receive.
For more on class action settlements, find out if you're eligible for money from Capital One's $190 million payout, T-Mobile's $350 million data breach case or Facebook's $90 million data-tracking payout.
What is Robinhood accused of in this class action case?
In February 2021, San Francisco law firm Erickson, Kramer and Osborne filed a class action lawsuit against Robinhood on behalf of Siddharth Mehta, Kevin Qian, Michael Furtado and other Robinhood customers who claimed their accounts were hacked.
According to the motion for settlement filed July 1 in the US District Court for the Northern District of California, Robinhood "used substandard security practices and lacked security measures used by other broker-dealer online systems," leading to multiple data breaches.
Who qualifies for a payment in the Robinhood settlement?
Any US resident notified that their Robinhood account was illicitly accessed between Jan. 1, 2020, and April 27, 2022, or who notified Robinhood their accounts were hacked, is considered eligible to file a claim, Kramer asid.
The settlement does not, however, cover claims arising exclusively from a Nov. 3, 2021, data breach that leaked the personal details of more than 7 million customers, including names, birthdates and ZIP codes. That incident is the subject of a separate lawsuit, according to Kramer.
"To put it more simply, this settlement is based on alleged cybersecurity failures by Robinhood that 'left the door unlocked' for hackers over time," she told CNET. "The specific November 2021 event is carved out."
How much could Robinhood customers receive in compensation?
According to the proposed settlement, Robinhood has agreed to pay $19.5 million in damages and $500,000 in fees. US-based customers whose accounts were hacked between Jan. 1, 2020, and April 27, 2022, can file claims for up to $260 per person.
According to Barron's, individual payouts break down as follows:
• Up to $100 for out-of-pocket expenses resulting from the breach
• Up to $100 in reimbursement for identity theft protection or credit monitoring services
• Up to $60 for time spent responding to the issue.
Class members are also eligible for two years of free identity theft protection and credit monitoring.
In addition to the cash payments and protection services, the settlement requires Robinhood to improve security procedures, including:
- Supplemental two-factor authentication
- Prompting users to update passwords
- Proactive monitoring of account takeovers
- Cybersecurity awareness campaigns
- Real-time voice support for customers
How do I file a claim in the Robinhood settlement?
Notification of the settlement will officially go out on Sept. 13, the same day the settlement website will go live. According to Kramer, the site will include a simple online form for potential class members to complete, as well as a print-out version to mail in.
When will I receive a check?
Preliminary approval for the settlement was given on Aug. 23, 2022. A hearing to assess final approval has been scheduled for May 16, 2023.
Class members would typically receive payment after that, though the process can be slowed considerably by appeals.
Robinhood's rocky road to the present
The Robinhood app has exploded in popularity since its debut in 2013, managing $98 billion in assets by the end of 2021 and reporting 14 million monthly users in June 2022. According to the company, a majority of its users are millennials.
Many services are available for no fee and members' accounts are, on average, significantly smaller than its competitors, according to data from Broker Chooser.
Average account size
But Robinhood's rapid rise has come with controversy and a string of litigation: In February 2021, the company was sued by the family of a 20-year-old trader who killed himself after he incorrectly believed he had racked up approximately $730,000 in losses on the app.
That same year, Robinhood faced several civil suits after it froze GameStop trading following a Reddit campaign to buy up shares of the video-game retailer that caused its stock price to spike.
In June 2021, the Financial Industry Regulatory Authority ordered Robinhood to pay more than $70 million in fines and restitution for violating financial regulations and giving customers false and misleading information.
There have also been several high-profile cybersecurity incidents: In October 2020, Bloomberg reported that approximately 2,000 Robinhood customers' accounts were exposed by hackers.
In the November 2021 attack, the company claimed, a hacker "socially engineered a customer support employee by phone and obtained access to certain customer support systems" in order to extort money. Law enforcement was informed of the extortion attempt, the company maintained, and the leak was contained.
This May, Robinhood agreed to a $9.9 million payout to settle a separate class-action lawsuit filed by users who alleged site outages in March 2020 prevented them from trading just as the market plummeted in the earliest days of the pandemic.
And on Aug. 2, the New York State Department of Financial Services hit Robinhood Crypto, the investing app's cryptocurrency trading wing, with a $30 million fine for "significant" failures to comply with the state's consumer protection, cybersecurity and money laundering statutes.
Also in August, Robinhood laid off nearly a quarter of its employees following a steep decline in trading activity on the app. It was the second round of layoffs this year after Robinhood trimmed its staff by about 9% in April
The two rounds combined have eliminated more than 1,000 jobs from the company, The Wall Street Journal reported.
"Last year, we staffed many of our operations functions under the assumption that the heightened retail engagement we had been seeing with the stock and crypto markets in the COVID era would persist into 2022," Robinhood chief executive and co-founder Vlad Tenev said in a blog post.
"In this new environment, we are operating with more staffing than appropriate," Tenev added. "As CEO, I approved and took responsibility for our ambitious staffing trajectory -- this is on me."