Brokerage and crypto-buying app Robinhood has experienced a data security incident, resulting in a hacker stealing five million customer email addresses, the company announced Monday (Nov. 8).
The incident took place on Nov. 3 by an “unauthorized third party,” who also stole additional personal details from several clients.
Robinhood addressed what happened in a blog post, saying a hacker had “socially engineered a customer support employee by phone and obtained access to certain customer support system.”
“At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people,” the post continues.
Robinhood said the hacker was unable to get sensitive information like Social Security numbers or banking information for the bulk of affected customers; however, for around 310 customers, the hacker was able to access things like birth dates or home addresses. A further 10 customers had “more extensive” account details stolen.
According to Robinhood, the hacker had attempted to blackmail the company, but the company decided instead to contact law enforcement. The company didn’t specify whether or not the hack affected specific parts of the customer base or its burgeoning crypto sector.
Robinhood recently made news for its decision to open up the initial public offering (IPO) Access platform for companies to put stocks aside for some members of the public, in an attempt to allow more retail traders to access the market.
This will be a change, as big institutional investors and funds have often been the first for IPO spending.
Read more: Robinhood Opens IPOs To Retail Investors With Ties to Companies
Retail investors have had comparably few options and have been able to buy stock from newly-listed companies only after the shares began trading, leading to higher prices.
Robinhood’s Directed Share Programs (DSPs) will give select members of the public more chances to buy shares at the IPO price.