In most cases, email addresses and full names were stolen — but a few hundred are being informed that "additional personal information" was compromised.
Robinhood has announced that millions of its customers have been affected by a data security incident.
The trading platform said an "unauthorized third party" managed to get their hands on the email addresses of five million people — and the full names of approximately two million others.
Meanwhile, "additional personal information" including dates of birth and ZIP codes were exposed in 310 cases, while 10 customers had "more extensive account details revealed."
In a blog post, Robinhood said the hackers had demanded a ransom payment following the breach on Nov. 3. As well as getting in touch with law enforcement, the company has enlisted the help of an external security firm.
Caleb Sima, Robinhood's chief security officer, added:
"As a Safety First company, we owe it to our customers to be transparent and act with integrity. Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do."
What Customers Need to Do
Robinhood says that customers can receive information on how to keep their account secure by going to the Help Center, selecting My Account & Login, and navigating to the Account Security section.
The company went on to stress that it never includes links to access an account in a security alert — and instead, users should log in to view messages from Robinhood directly.
Robinhood added that it's currently "in the process of making affected disclosures to people."