Fortress HR: Why Your CHRO Should Be Leading On Cybersecurity
Retail brokerage Robinhood was on a tear in 2021. Buoyed by a surging stock market and torrents of cash from the #WallStreetBets meme investing crowd, the young financial firm was building a rep as an insurgent, gamified competitor to comparatively sleepy brokerages like TDAmeritrade and Charles Schwab, outfits which young day-traders more often associated with their parents or grandparents. To the casual observer, Robinhood was a fintech company on the rise.
Then, on Nov. 3, 2021, the company was hacked. It wasn’t the first time. In October 2020, some 2,000 accounts had been compromised and funds stolen. And although the 2021 attack did not target user funds, it was on a far greater scale. Personal information for some 7 million customers—including names and email addresses—was exposed. The attackers also got the phone numbers for a few thousand customers. Worse still, 310 customers had even more personal information, things like phone numbers and dates of birth, jeopardized, while an unfortunate 10 had “more extensive account details revealed,” said Robinhood.
The hacker, according to the firm, had gained access to user data not through some kind of sophisticated tech wizardry but by socially engineering “a customer support employee by phone,” allowing them to “obtain access to certain customer support systems.”
