X

Robinhood data breach exposed 7 million customers

The breach happened Nov. 3, leaking the most extensive personal data for about 300 users. However, Robinhood says no financial information was exposed.

Adam Benjamin Managing Editor
Adam Benjamin has helped people navigate complex problems for the past decade. The former digital services editor for Reviews.com, Adam now leads CNET's services and software team and contributes to its game coverage.
Expertise Operating systems, streaming services, mobile apps and first-person shooters Credentials
  • Adam has been covering streaming services since 2013 and wants to help people navigate the subscription creep in their lives.
Adam Benjamin
2 min read
Robinhood stock trading

The trading platform is finishing an eventful year with a major data breach.

James Martin/CNET

Stock trading platform Robinhood, perhaps best known for its association with the GameStop rollercoaster earlier this year, announced Monday that it experienced a data breach Nov. 3. The company reported that the incident affected a little more than 7 million customers, with varying amounts of data leaked.

The largest part of the breach leaked email addresses for about 5 million customers, according to the company's press release, with full names being leaked for a separate 2 million customers. That same press release indicated that 310 people may have names, dates of birth and ZIP codes leaked, and "more extensive account details" for roughly 10 customers. No Social Security, bank account or debit card information is believed to have been exposed. The company says it's in the process of contacting the people affected by the breach. 

The data breach is the latest event in a busy year for Robinhood. Back in January, the trading platform played a major part in a coordinated "short squeeze" of GameStop stock, with investors collectively buying the stock to punish hedge funds that had bet on its decline. The resulting trading frenzy drew Congress' attention to Robinhood, including a five-hour hearing about the service Robinhood provides and whether it's ultimately beneficial or harmful for retail investors. The company then filed to go public in July, and the data breach comes barely three months after its initial public offering. 

The incident also continues a trend of major data breaches, following T-Mobile in September and Twitch in October.

Robinhood's statement said that the breach has since been contained, law enforcement has been informed and the party responsible demanded payment in an extortion attempt. Caleb Sima, Robinhood's chief security officer, said in the company's statement, "As a Safety First company, we owe it to our customers to be transparent and act with integrity."