On Monday, the trading app Robinhood (NASDAQ:HOOD) said that an intruder gained access to its systems last week and made off with millions of its users’ personal information.The incident took place on Wednesday evening and the breach has since been contained, said Robinhood.Email addresses of about five million users were exposed as well as about two million full names of different users.Robinhood said in a blog post that the intruder also managed to access more extensive personal information from a subset of about 300 users. However, no social security number, bank account, or debit card numbers were exposed and no customer has experienced any financial losses.The unauthorized party was able to gain access to Robinhood systems by socially engineering a customer support employee by phone, Robinhood said and added that the third party had demanded an extortion payment.Law enforcement has been informed of the incident and is continued to be investigated with the help of cybersecurity company Mandiant.WHAT LAW ENFORCEMENT IS SAYINGThe Department of Financial Services of New York has been investigating Robinhood’s cybersecurity practices and found violations of state cybersecurity requirements at its cryptocurrency arm, Robinhood said in securities filings.The company, according to the filings, has reached a settlement with the state regulator over its conduct that includes an expected monetary penalty of $30 million and the hiring of an outside monitor.While the hackers largely stole information that was not particularly sensitive, it doesn’t mean that it would not be useful to hackers, said chief research officer, Allison Nixon at Unit 221B LLC, a cybersecurity investigations company.She concluded that the more than 300 Robinhood customers who had more information stolen are now at much greater risk of being targeted by an attack such as SIM swapping in an attempt to break into their online accounts.Robinhood’s shares fell about 3% in extended trading.To learn more about shares and Robinhood, visit MEXEM.