The trading platform said in a statement that the November 3 attack allowed the unauthorized party to obtain a list of email addresses for about 5 million people and full names for another group of about 2 million people.
The company said the incident caused a "limited number of people," approximately 310 in total, to have their names, dates of birth and zip codes exposed. About 10 customers had "more extensive account details revealed," Robinhood said, without elaborating.
"We believe that no Social Security numbers, bank account numbers or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident," the company said in the statement.
RELATED | More than 1 billion CVS data records accidentally exposed, researcher says
After Robinhood contained the intrusion, "the unauthorized party demanded an extortion payment," according to the statement. The company said it "promptly" informed law enforcement but did not indicate whether it complied with the extortion payment demand.
Shares of Robinhood were down about 3% in after-hours trading Monday.
The unauthorized party gained access to Robinhood's customer support systems by posing as a customer support employee by phone, the company said.
Robinhood said it is in the process of making "appropriate disclosures to affected people" and is continuing to investigate with the help of security firm Mandiant.
ALSO READ | Where are the most rats being spotted in New York City?
"As a Safety First company, we owe it to our customers to be transparent and act with integrity," Caleb Sima, Robinhood's chief security officer, said in the statement. "Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do."
& 2021 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.
* Get Eyewitness News Delivered
* Follow us on YouTube
* More local news
* Send us a news tip
* Download the abc7NY app for breaking news alerts Submit a News Tip