Cyrus Newsletter, November 2021

Welcome to our biweekly roundup of important stories happening around the world of cybersecurity. In this newsletter, we discuss Robinhood‘s latest breach, the cost of child identity theft, and a breach affecting thousands of Missouri educators. As always, stay informed and stay safe.


Robinhood has been the victim of a data breach, impacting 7M users

Robinhood, the renowned stock trading platform, suffered an attack on November 3rd. The company confirmed that a threat actor managed to access customer support systems after calling a customer support employee and using social engineering to obtain access. 

Data breached was mainly full names and email addresses. For a limited number of people, more sensitive information such as date of birth, zip codes, and more extensive account details were revealed. Fortunately, no SSN, bank account numbers, or debit card details were exposed. However, Robinhood also received an extortion demand, threatening that the stolen data would be leaked if a Bitcoin ransom was not paid. Robinhood is currently investigating the breach with the help of Mandiant, a security firm.


The cost of child identity theft amounts to $1B annually (Javelin Strategy & Research)

Javelin Strategy & Research’s new report on child identity theft is meant to bring light on this highly underreported and misunderstood matter.

Indeed, child identity fraud costs U.S. families nearly $1 billion annually, affecting 1 out of 50 children. But what is even more surprising is that over 70% of child victims know their perpetrators. 

Child ID fraud’s biggest burden is that it is more difficult to detect, as children are not financially active and are not taking actions that require credit checks (for instance opening accounts or paying bills). That’s why usually child ID theft falls under the radar. 

Moreover, the research showed that child ID theft takes longer to resolve, and can go up to more than 4 hours longer to fix than adult ID theft.

Looking at the cause, child ID theft usually comes from risky online behavior such as unrestricted access to social platforms, and especially before the age of 13.

DESE data vulnerability affected 620K teachers

The Department of Elementary and Secondary Education (DESE) website, which compiles all teacher information, has been accessed by an external actor after a data vulnerability was found. The last 4 digits of 620K educators’ SSN were visible on the website. 

Missouri state just announced that it will offer 1 year of free credit and identity theft monitoring, which will cost the state more than $800K. The DESE also apologized and ensured that they were dealing with the situation.

Make sure to download the Cyrus app to protect yourself against any security breaches, and stay tuned for our next newsletter.