Online stock trading platform Robinhood on Monday said a third party gained unauthorized access to its systems and made away with sensitive user data including the email addresses of five million users.
Along with the five million user email addresses, the full names of some two million people were exposed in an incident that took place on Nov. 3, the company said in a blog post.
Additionally, about 310 people saw more sensitive information disclosed, including names, dates of birth, and zip codes. More extensive account details were revealed for a subset of that group.
Robinhood believes that no Social Security numbers, bank account numbers or debit card numbers were revealed to the intruder, adding that the breach did not result in financial loss for its customers.
"As a Safety First company, we owe it to our customers to be transparent and act with integrity," said Robinhood Chief Security Officer Caleb Sima. "Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do."
According to The Wall Street Journal, the unauthorized party gained access to Robinhood's customer support systems by impersonating an authorized party to an employee by phone. The company informed law enforcement after a ransom was demanded.
Robinhood is in the process of informing customers impacted by the intrusion and continues to investigate the incident.