Attorney General William Tong urged Robinhood users to exercise additional caution following a data breach that exposed millions of customer names and email addresses. The online stock trading platform confirmed today that a hacker tricked a customer service representative over the phone into turning over access to Robinhood’s customer support systems. That information gave the hacker access to email addresses for five million people, and the full names of two million people. The hacker then demanded a ransom payment from Robinhood.

“Data breaches, particularly those involving ransom demands, are a ubiquitous modern threat to businesses and consumers. The Robinhood hacker will likely now use the email addresses and names they have harvested to send phishing emails to try to extract additional personal information and money. Robinhood has indicated that it will not email any security alert containing a link to its users. If you receive one, it is a scam and report it immediately. As always, carefully review and verify any email before you click on a link or respond,” said Attorney General Tong.

Attorney General Tong previously issued guidance to businesses and government entities to protect operations and personal information from intrusions, including ransomware. Attorney General Tong also previously issued COVID-19 cyber safety guidance to consumers, including information on general best practices to avoid falling victim to cyber scams.

This press release was made possible by: