Trading app Robinhood – which earlier this year faced scrutiny over its GameStop trading halt – is now reeling from the consequences of a data breach that exposed the names or email addresses of more than seven million people.

Why should we care?
Robinhood downplayed the impact of the breach, saying it affected a limited number of customers and that it does not believe sensitive information was exposed. But seven million people’s information exposed – along with sensitive information about 300 users such as birth dates and zip codes – begs the question of whether the brand will ever be able to recover from the reputational damage. The hackers reportedly demanded a ransom that the company did not pay, and authorities were alerted. But any amount of information exposed, particularly email addresses, is of concern to customers because of the vulnerability to phishing emails. According to a blog post from Robinhood that disclosed the breach, the attacker “socially engineered a customer support employee by phone and obtained access to certain customer support systems.” According to cybersecurity company Mandiant, Robinhood “conducted a thorough investigation to assess the impact.” Robinhood may have mitigated the immediate effects of the breach, but there could be consequences that may be felt for a long time.