Financial services company Robinhood was issued a civil summons on Monday, notifying it of an Eastern District of New York lawsuit filed a week after the company announced a security breach that exposed customer information. Last week’s complaint contends that Robinhood Markets Inc.’s failure to maintain adequate security measures caused the breach, resulting in harm to the New York plaintiffs and putative nationwide class.
The filing recounts that Menlo Park, California-based Robinhood is an online stock trading platform with over 31 million users and is regulated by federal authorities. On November 8, the company brought the breach to light, explaining that “[t]he unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems.”
Consequently, the hacker obtained the emails of five million users, the full names of a different group of about two million users, and for smaller subsets of users, additional personal information like date of birth and zip code. For approximately 10 Robinhood customers, the breach reportedly exposed “more extensive account details.”
The complaint alleges that Robinhood failed to take reasonable steps to adequately protect the personally identifying information of its current and former customers. As a result, the plaintiffs assert that they may be subject to identity theft, unauthorized access of their online accounts, and other fraud.
The filing seeks to recover compensatory damages, reimbursement of the plaintiffs’ mitigation costs, and “declaratory judgment and injunctive relief to mitigate future harms that are certain to occur in light of the scope of this breach.” The plaintiffs seek to certify a class of Robinhood account holders whose information was similarly compromised. The lawsuit states seven causes of action for tort, contract, and New York law violations.
The plaintiffs are represented by Held & Hines LLP.