Robinhood (2021) Breach
Nov 3, 2021
5,003,945 rows
What happened in the Robinhood (2021) Breach?
DataBreach.com Team · September 1st 2025, 8:00 pm EDT
On November 3, 2021, Robinhood disclosed a significant data breach that compromised the personal information of millions of users. The incident stemmed from a social engineering attack against a customer support employee, which gave the attacker access to internal systems. While Robinhood emphasized that no Social Security numbers, bank account details, or debit card numbers were exposed, the scale of the compromised data was quite notable.
Scope of the Breach
Robinhood confirmed that nearly 7 million people were affected in different tiers of exposure:
- 5 million email addresses were accessed.
- About 2 million users’ full names were also included.
- A smaller subset of 310 users had more sensitive information accessed, including name, date of birth, and ZIP code.
- Later reviews suggested that several thousand phone numbers were also exposed.
In total, our parse confirms approximately 5,003,945 unique rows of data.
How the Attack Happened
The breach was carried out through phone-based social engineering, where the attacker tricked a Robinhood support employee into granting system access. From there, the attacker exfiltrated data and later attempted to extort the company. Reports indicated that the stolen dataset, or parts of it, were offered for sale on cybercrime forums with an initial asking price of $10,000.
Impact and Risks
Even though financial account credentials and SSNs were not part of this breach, the exposed information poses significant risks:
- Phishing campaigns leveraging the email and name combinations.
- SIM-swap or identity verification attacks using phone numbers and dates of birth for the smaller group.
- Long-term social engineering risks, given the attacker demonstrated that Robinhood employees could be manipulated.
Aftermath
Robinhood stated it promptly contained the incident and contacted affected customers. No evidence suggested direct financial losses as a result of the breach. However, the reputational impact was considerable, and in 2025 Robinhood agreed to a $45 million settlement with the SEC, in part tied to security and record-keeping failures related to this breach.
---
Help Us Confirm
If you received an alert about this breach or read our article and discovered your data exposed - and you were a Robinhood user in 2021 - we’d love your help in confirming the breach. Please reach out at contact@databreach.com.
