We research all brands listed and may earn a fee from our partners. Research and financial considerations may influence how brands are displayed. Not all brands are included. Learn more.

Originally Published: Nov 08, 2021
Originally Published: Nov 08, 2021 Last Updated: Nov 08, 2021 3 min read
Close up of a hand holding a smart phone downloading the Robinhood Mobile app
Money; Shutterstock

The popular trading app Robinhood announced Monday that millions of its users had their personal information exposed in a data breach.

In a blog post, Robinhood explained that an "unauthorized third party" engineered the leak through its customer support systems. Users' bank account information, Social Security numbers and other financial data does not appear to have been affected.

There were no monetary losses.

However, the unauthorized party did access about 5 million people's emails and another 2 million people's full names. Some 310 customers' names, birthdays and zip codes were also exposed.

At last count, Robinhood had about 18 million users. If roughly 7 million accounts were compromised, that's over a third of customers affected. Going forward, cybersecurity expert Brian Krebs tweeted Monday, "it's safe to expect an uptick in phishing schemes targeting Robinhood users."

Robinhood has already begun notifying customers of the incident; on Monday afternoon, Twitter lit up with screenshots of emails it was sending to customers. The blog post said Robinhood is investigating the breach in collaboration with law enforcement and a private security team, adding that chief security officer Caleb Sima thought "putting the entire Robinhood community on notice of this incident now is the right thing to do.”

It's been a record-breaking year for data breaches and identity theft. The nonprofit Identity Theft Resource Center said last month that nearly 1,300 incidents had been publicly reported through the end of September 2021, outpacing the 1,108 that were confirmed in all of 2020.

This isn't even the first data breach for Robinhood, which went public this past summer. In October 2020, hackers gained access to almost 2,000 accounts via users' email addresses. It was later sued over the incident.

On Monday, Robinhood recommended customers visit its Help Center, navigate to My Account & Login and check Account Security for more details on how to protect their personal data. Robinhood's webpage on security best practices suggests people enable two-factor authentication, use a strong password stored in a password manager and use device monitoring to check for fraudulent activity.

More from Money:

Robinhood Is Finally Improving Its Customer Service With New 24/7 Phone Support

Here's How Much Money Robinhood Is Making off of You

Robinhood IPO: What to Know Before Investing