Robinhood $20M data breach deal approved by the court

Robinhood Financial, a broker-dealer and online stock-trading platform, moved closer to paying $20 million as part of a class-action settlement with thousands of consumers whose accounts were allegedly accessed by unauthorized users.

According to a motion for settlement submitted on July 1 in U.S. District Court for the Northern District of California, Robinhood "used substandard security practices and lacked security measures used by other broker-dealer online systems" from January 2020 through April 2022. According to court filings, a California magistrate judge gave the agreement preliminary approval on Tuesday.

Without assuming responsibility or admitting fault, Robinhood agreed to settle.

The lawsuit also alleged violations of the California Consumer Privacy Act (CCPA), and as part of it, almost 40,000 users claimed their accounts had been compromised since 2020.

A Robinhood breach in November 2021, within the time frame of the complaint, resulted in a hacker obtaining the names or email addresses of about seven million of its clients. The bad actor "socially engineered a customer support employee by phone and obtained access to certain customer support systems," the company claimed at the time.

In accordance with the terms of the settlement, Robinhood agreed to pay $500,000 in fees, $19.5 million in damages, and to offer the impacted parties two years of credit monitoring and identity theft protection. In order to prevent unauthorized access to customer accounts, the business must also "maintain improved policies and procedures," which must include the following:

1. Supplemental two-factor authentication;

2. Screening for, and prompting users to update, potentially compromised passwords;

3. Proactive monitoring of account takeovers;

4. Customer awareness campaigns that provide information and tools for better cybersecurity hygiene; and

5. Real-time voice support.

According to the settlement, the corporation must adhere to these new standards for at least 18 months or risk incurring additional damages.

Robinhood did not immediately respond to a request for comment.

The New York State Department of Financial Services penalized Robinhood Crypto $30 million earlier this month for "significant failures" in its cybersecurity compliance, anti-money laundering, and Bank Secrecy Act compliance protocols.

The business was found to lack suitable manpower, to have put off replacing its manual transaction monitoring system with one more appropriate for its scale, and to lack the resources necessary to manage the risks associated with the bitcoin industry.

