/ This Week in Data Breaches

Robinhood Data Breach - The Latest in a Record-breaking Year


Another day, another data breach!  It's the reason why Bloom was founded and why we feel so passionately about what we build.  These breaches will just continue to happen until we shift the paradigm from centrally stored personal data to models built around decentralized identity.  Let’s take a look at the facts of this latest breach.

Robinhood Data Breach Compromises Names and Email Addresses of Millions of Customers

On November 3, Robinhood released a statement that an unauthorized intruder gained access to the personal information of millions of its customers.  The data breach compromised the email addresses of approximately five million people, and separately, the full names of around two million people.  Further evidence shows that a smaller number of customers may have had additional personal information exposed.

Based on the on-going investigation, it appears social security numbers and bank account data were not breached, and that there has been no financial loss to any customers.  The incident is still under investigation and Robinhood has enlisted the help of law enforcement, as well as Mandiant, a cybersecurity company.  

Unfortunately, Robinhood’s data breach is just the latest attack in a year that has seen a record number of breaches.  Despite the knowledge that a cybersecurity-related incident was likely, an intruder was able to easily bypass Robinhood’s security system, compromising the information of millions of customers who had put their trust in the company.

Why does this keep happening?  When are users going to start to demand that every company they deal with not store their personal information centrally?  Decentralization is the future - not just for transactions, but for personal data storage and interactions.  Download the Bloom App if you haven't already done so and see why over a million other users believe that their personal information should be theirs.  And if you're a business, sign up for an OnRamp Demo and see what it could mean for your business.  It’s time to be proactive about our digital identity.

Data Breaches Reach an All-time High in 2021

As we approach the holiday season, the days are getting shorter, shopping receipts are getting longer, and cybersecurity threats are at an all time high.  In fact, according to the Identity Theft Resource Center (ITRC), the number of data breaches so far this year has already surpassed the total for 2020.  This is extremely alarming news and worrisome as we approach the time of the year when online shopping is at its peak, and more of our personal information is available on the web.

As of now, there have been over 1,290 data breaches - up by 17% since last year.  With the exponential growth in the connectivity of cyber devices, and the vulnerability of a centralized intermediary, cybersecurity is more important than ever.  Phishing and ransomware attacks continue to be the most prevalent weapons for hackers, and the firm Cybersecurity Ventures estimate that a new ransomware attack will occur every 2 seconds.  Ransomware is a criminal extortion tool in which key files are encrypted by hackers, rendering them inaccessible to the victim until a ransom has been paid.  

Although ransomware is not a new tactic, the expanded attack surfaces and interconnectivity of digital commerce have made the cybersecurity threat as dangerous as ever.  Hackers, constantly seeking new avenues to exploit, are now demanding payments in the form of cryptocurrency.  The US Treasury Department has tied approximately $5.2 billion in BitCoin transactions to ransomware payments.  

Awareness and Transparency

Cybersecurity is all about risk management.  As the number of threats increases, more and more Americans are expressing concern that their personal information, or that of the centralized financial institutions to which they are associated, is at risk.  The problem, though, is this: awareness does not necessarily lead to action.  Too often, people assume that cybercrime is someone else’s responsibility, and believe that a hack will never affect them personally.  

Furthermore, some organizations and governments have purposefully been withholding important data breach notices.  In 2017, a ransomware attack called WannaCry, disrupted hospitals, schools, and government organizations in over 100 countries, demonstrating the vulnerability of globally-connected networks and devices.  Although the WannaCry attack (and others, including CryptoLocker, WhiteRose, and Petya) was seen by some as a wake-up call, organizations and governments did not fortify against future attacks.  

Significant Attacks in 2021

Let’s take a look at some of the more significant attacks that have occurred just this year.

  • Bonobos: In January, Bonobos, a men’s clothing retailer, was victim of a massive breach, in which personally identifiable information (PII) of over 7 million shoppers was leaked in a forum for hackers.  The PII included address, phone numbers, account information, and partial credit card numbers.
  • Facebook, Instagram, LinkedIn: Due to an unsecured database, the PII of 214 million social media users was leaked, exposing full names, subscriber data, location, and other contact information.
  • CNA Insurance: Hackers in March attacked CNA, one of the largest insurance firms in the US, compromising the data of around 75,000 employees, and leading to the halt of trading for a short period of time.  CNA Insurance agreed to pay the hackers $40 million to regain access to their ransomed network.
  • National Basketball Association: This year, the NBA was targeted by a ransomware attack, with the group responsible claiming that they had stolen 500gb of confidential data.
  • Buffalo Public Schools: Unfortunately, cyberattacks within the education sector are also becoming more prevalent, and in March the Buffalo Public Schools suffered a ransomware attack that targeted highly sensitive information for the 34,000 students within the school district.

As if the pandemic wasn’t hard enough for people, hospitals and healthcare facilities have also become increasingly prone to cyber attacks.  Often these critical facilities are forced to comply for fear of shutting down their medical operations.  

Securing our digital identities is a universal problem.  The interconnectivity of the world we live in means that cyberthreats will continue to impact our lives, and although awareness is increasing, so too is the complexity of the targeted attacks.  Information shared with a centralized entity is vulnerable to a breach, as the user loses control of precisely who has their personal data. So, what can be done to mitigate the risk?

The Bloom Solution

Taking proactive measures is a good place to start.  Staying hyper-vigilant to cyber trends and utilizing new and emerging tools to help with compliance and risk will certainly help to avoid an attack.  Bloom offers a solution for digital identity, user privacy, and risk assessment.  In fact, Bloom was founded in response to the 2017 Equifax scandal, in which hackers gained access to the private information of 147 million US citizens.  By developing the BloomID, Bloom gave its users the ability to create and control their own digital identities.  More recently, with the release of OnRamp, our latest DeFi-focused product, we are securely connecting enterprises to users by offering reusable, verifiable credentials to help enable compliance and risk assessment.  This means that your personal information and financial data, used in determining creditworthiness, are available to use on a decentralized platform without sacrificing your privacy.  

Bloom: Your Data, Your Credit, Your Privacy

At Bloom, we are giving you the tools to take back control of your data all with one simple app. No more centralized data storage. No more selling off your data to the highest bidder. Bloom enables you to own, control, and protect your data using the latest advancements in blockchain technology.It’s time to take back control of your data and unlock the power of a secure identity today. Download the Bloom mobile app to build a digital identity, monitor your credit, and get free data breach alerts with Radar!