Robinhood data breach exposes 7 million users' personal information

These are the incidents that make us do those tedious security trainings each year.
Robinhood announced that a data breach exposed the information of around 7 million users. This happened after an employee was tricked into giving a hacker access to the company's internal systems.

The security breach began on Nov. 3, when an unauthorised person called the investing app's customer service number. The caller tricked Robinhood employees into giving them access to sensitive information and was able to obtain emails from around 5 million people and the names of approximately 2 million others.

That's already bad enough, but it gets worse. Robinhood also revealed that approximately 310 people had additional personal information exposed, including names, dates and zip codes. Robinhood didn't reveal the exact details of the accounts of ten of these customers. Robinhood is confident that no Social Security numbers, bank account numbers or credit card numbers were stolen.

The social engineering skill has to be respected. We would all assume that someone authorized to access user data wouldn't call a public-facing customer service number.

A malicious actor contacted Robinhood to demand a payment. However, the company refused to tell Mashable the amount or whether it had actually paid. A Robinhood spokeswoman did, however, tell Mashable that the company would continue to require security training for employees, including education on social engineering attacks, and that it was "working to implement new security measures."

Robinhood also stated in its press release that law enforcement was informed and that security firm Mandiant is investigating the incident. The company is currently informing affected users about the breach.

Caleb Sima, Chief Security Officer at Robinhood, stated, "Following diligent review, putting the entire Robinhood Community on notice about the incident now is the right decision to make." He posted the information on the company's blog.

There isn't anything you can do to protect yourself from breaches like this. Once you give your information to a company, it can be exposed if that company is hacked.

You can be part of the solution if you complete your tedious work-mandated data security training. Hopefully you won't make the same mistake as the Robinhood employees.