Robinhood, a popular investment app, has said that it suffered a security breach last week, in which hackers gained access to the personal information of around 7 million users and demanded a ransom payment.
For the vast majority of affected clients, only an email address or full name was exposed. For 310 people, the information includes their name, date of birth and ZIP code. Ten clients had “more extensive account details leaked.”
According to the online trading platform, no Social Security information, bank account numbers or debit-card details were disclosed and consumers have suffered no financial losses as a result of the breach.
Scientists warned that affected individuals might be targeted with social-engineering and malicious attacks using their emails and other personal information collected from public sources.
Chad Anderson, a senior security researcher at DomainTools, reported that, “This is an unfortunate breach for Robinhood, and it appears that additional process may have avoided it.”
“However, I must congratulate their staff for being honest about the impact of the hack and the timeliness with which they released information. Such responses enable defenders to alert users and position themselves advantageously for what will almost certainly be a wave of scams targeting the addresses of people who have been exposed.”
According to Mandiant Chief Technology Officer Charles Carmakal, his company expected the hacker to target and steal from additional firms in the coming months. Last year, nearly 2,000 Robinhood accounts were hacked in a different incident.
Trevor Morgan, product manager with data security specialists comforte AG, said in an email that most people work in a hyper-accelerated data environment. We have all become open to dealing quicker and putting information out as quickly as possible. The mistake is not taking the time to analyse communications and think through a problem without rush or pressure.
Businesses can do two things:
- Build a security-conscious organisational culture.
“For example, create an organisational culture that prioritises data privacy and encourages people to take their time and think through all of the implications before acting on requests for sensitive information.”
- Use data security.
IT executives might explore data-centric security as a way to protect sensitive data. “Tokenization, for example, not only obscures critical data pieces, but it also preserves data format, allowing business applications and users to operate with the data in secure states. If you never de-protect data, the sensitive information is unlikely to be compromised even if it comes into the wrong hands.”
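The format-preserving property Morgan describes, as an added example that is not part of the original article: a small vault-based tokenizer applied to the kinds of fields exposed in this breach. The class, field names, shape checks and sample record are constructed for illustration and assume an in-memory vault.

```python
import re
import secrets
import string

class TokenVault:
    """Vault tokenization: each value is swapped for a random token of the same shape."""
    def __init__(self):
        self._to_token = {}   # (field, value) -> token
        self._to_value = {}   # (field, token) -> value

    @staticmethod
    def _random_like(value):
        # Digits become random digits, letters random letters of the same case;
        # separators such as '@', '.', '-' and spaces are kept, so the format survives.
        out = []
        for ch in value:
            if ch.isascii() and ch.isdigit():
                out.append(secrets.choice(string.digits))
            elif ch.isascii() and ch.isalpha():
                pool = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
                out.append(secrets.choice(pool))
            else:
                out.append(ch)
        return "".join(out)

    def tokenize(self, field, value):
        key = (field, value)
        if key in self._to_token:          # same value, same token: joins still work
            return self._to_token[key]
        for _ in range(100):               # bounded retries: tiny domains can run out
            token = self._random_like(value)
            if token != value and (field, token) not in self._to_value:
                self._to_token[key] = token
                self._to_value[(field, token)] = value
                return token
        raise ValueError("no unused token of this shape for this value")

    def detokenize(self, field, token):
        # The only path back to real data; restrict and audit it in a real system.
        return self._to_value[(field, token)]

# Shape checks an application might already run. A tokenized date of birth keeps
# the NNNN-NN-NN shape but is not guaranteed to be a valid calendar date.
SHAPES = {
    "email": re.compile(r"[A-Za-z0-9.]+@[A-Za-z0-9.]+\.[a-z]+"),
    "dob": re.compile(r"\d{4}-\d{2}-\d{2}"),
    "zip": re.compile(r"\d{5}"),
}
RECORD = {"email": "jane.doe@example.com", "dob": "1990-04-17", "zip": "94025"}  # constructed

def protect(vault, record):
    return {field: vault.tokenize(field, value) for field, value in record.items()}
```

A store holding only the output of `protect` exposes tokens, not the email address, date of birth or ZIP code, if it is copied; the mapping back lives solely in the vault.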
The company, which popularised free trade, embarked on a hiring spree for customer-service employees, more than tripling their number by 2020. As part of its expansion, the firm opened offices in Arizona, Texas, and Colorado. Last month, it announced 24-hour phone assistance.