Zero-commission brokerage Robinhood Markets received a demand for payment from an intruder who obtained personal information for 7 million Robinhood users, around a third of the firm’s customers, according to news reports.

The company said that the intruder obtained the email addresses of around 5 million users and full names of another 2 million users in a November 3 incident, Bloomberg writes, citing a statement Robinhood published Monday.

For about 310 of the users, the intruder was also able to obtain birth dates and ZIP codes, in addition to their names, and 10 of the users had even more personal information exposed, according to the news service.

The exposure of birth dates and physical addresses could be particularly dangerous for the users involved because that data can be used for further attacks, Bloomberg writes. Such information is typically used for verification checks to log in to different services, according to the news service.

The intruder gained access to Robinhood’s support systems via a phone call with a customer service rep, according to Robinhood, Bloomberg writes. A spokesperson for the firm said that the intruder made threats about the use of the obtained information, adding that it wasn’t a ransomware attack but declining to say whether Robinhood has paid the person, according to the news service.

Robinhood said that none of its users’ Social Security, bank account or debit card numbers have been exposed in the breach and that no customer has suffered financial losses as a result, according to Bloomberg.

Robinhood also said that it contained the breach, hired security firm Mandiant to investigate and notified law enforcement, according to the news service.

Mandiant chief technology officer Charles Carmakal said that Robinhood “conducted a thorough investigation to assess the impact,” according to Bloomberg. Carmakal also said that Mandiant believes the same intruder will try to extort other organizations in the next few months, the news service writes.

Last year, Bloomberg found more than 10,000 login credentials connected with Robinhood accounts available for sale on the dark web, after an internal probe by Robinhood found that close to 2,000 accounts had been hacked.
