Robinhood was hit with $45 million in fresh fines from the Securities and Exchange Commission on Monday, the latest reprimand that the crypto-favorite brokerage has received from regulators.
The violations laid out by the S.E.C. stretched from 2019 to 2023 and included a failure to protect sensitive customer data, employee use of encrypted messaging applications and errors of basic bookkeeping. The agency also said Robinhood had fallen short of its obligations to report suspicious client transactions to the authorities.
The allegations announced Monday included a November 2021 incident in which a hacker obtained millions of email addresses and names of Robinhood customers, along with a small number of what the brokerage described then as “extensive account details.”
The S.E.C. said Robinhood had failed to stop the attack despite being aware of its vulnerabilities beforehand.
The regulator said Robinhood “admitted certain findings in the order and agreed to be censured.”
In a statement, the company’s general counsel, Lucas Moskowitz, described the activities as largely historical matters that had since been fixed. In a nod to next week’s inauguration of President-elect Donald J. Trump, he said the company was looking forward to working with the S.E.C. under a new administration.
Robinhood quickly rose to prominence over the past decade by offering commission-free trades to investors and being early to offer cryptocurrencies and other related investments. Its past admonishments from state, federal and industry regulators include fines of $65 million in 2020 and $70 million in 2021 for misleading customers.
Now publicly traded, Robinhood has a market capitalization of $35 billion.
