Robinhood is an app used by millions to trade shares of stock and cryptocurrency right from your smartphone. The app makes it easy for even casual investors to get into trading. Now, the company has been hit with a data breach that has exposed the information of seven million users.
According to Robinhood, the data breach only affected a “limited amount of personal information for a portion of its customers.” The data breach was a ransomware attack, and the company says they did not comply with the demand and reported the breach to authorities.
“We owe it to our customers to be transparent and act with integrity,” the company’s security officer, Caleb Sima, said in a published statement. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do,” it said.
The breach happened on 3 November through what’s known as “social engineering” – a specifically targeted and convincing scam designed to trick an employee into divulging login details or other sensitive information. (Source: BBC)
Purandar Das, Founder and President at Sotero, had this to say about the Robinhood data breach:
“This is really no surprise. Organizations are not really equipped to handle the sophistication, techniques and skills of the hackers. Guess the first question to ask here is “Why did this take so long to disclose?” The obvious answer is that there are no consequences. Companies are well aware that customers don’t have recourse by mandate.
They are also aware that the financial consequences are minimal, if any. As more consumers start to take matters into their own hands and seek legal remedies, companies will start to realize that it is no longer acceptable to keep losing customer information. Also, minimizing the loss as it relates to name, email, etc. is still an issue. The bigger issue is that organizations can’t be trusted if they lose any information. Why would they be counted on to protect more sensitive information?
Organizations have to start paying attention to not just security but also the privacy of their customers. As long as there are no material consequences, they will continue to underinvest in security as well as downplay their shortcomings. Another interesting question to ask here is if the company even knew about the breach till the extortion attempt. If they didn’t, that is an even more concerning signal about the readiness of the security and privacy readiness.”