Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor

Technology > Investment Platforms

Robinhood Sued Over Data Breach

By Melanie Waddell

X
Your article was successfully shared with the contacts you provided.

What You Need to Know

  • On Nov. 3, hackers gained access to data from more than 7 million Robinhood customers.
  • Robinhood’s customers face a lifetime risk of identity theft due to the firm's failure to safeguard data, the suit maintains.
  • The brokerage says no Social Security numbers, bank account numbers or debit card numbers were exposed.

Robinhood, a stock trading app, was hit with a class-action lawsuit Wednesday in California Northern District Court in response to a data breach that occurred Nov. 3.

The suit, filed on behalf of current and former customers, alleges that Robinhood failed to safeguard their personal information from hackers and that they face a lifetime risk of identity theft.

Robinhood allows customers to trade securities and cryptocurrencies on a mobile app.

On Nov. 3, hackers gained access to the personally identifiable information of over 7 million Robinhood customers, including full names, email addresses, dates of birth and ZIP codes.

Robinhood announced the data breach on Nov. 8.

At least since that date, the suit states, Robinhood has maintained a blog post on its website titled, “Robinhood Announces Data Security Incident.”

The blog post states, in part, that the data breach occurred late in the evening of Nov. 3, and that “an unauthorized third party obtained access to a limited amount of personal information for a portion of our customers.”

Robinhood’s blog states that “based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident.”

The blog says: “We understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people. We also believe that for a more limited number of people — approximately 310 in total — additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed.”

On Nov. 16, Robinhood updated its Nov. 8 announcement “to admit that further information, including customers’ phone numbers and other undisclosed types of PII were exposed” in the data breach, the suit states.

“Indeed, it appears that Robinhood did not even implement basic security measures despite Robinhood’s promises that it: (i) would not disclose consumers’ PII; and (ii) would protect consumers’ PII with adequate security measures,” the suit states.

Robinhood customers’ PII exposed in the data breach is currently up for sale on the dark web, according to the suit.

“The seller indicated that he was expecting to sell the information for at least ‘five figures,’ and the information is ‘highly profitable in the right hands,’” the suit maintains.

“As a result, Robinhood’s customers face a lifetime risk of identity theft,” the suit maintains.

Melanie Waddell

@Think_MelanieW

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.