Robinhood Markets Inc. said Monday that an intruder gained access to its systems last week and made off with the personal information of millions of its users.

The trading app said in a blog post that the incident took place on Wednesday evening and that the breach has since been contained.

Email addresses for about five million Robinhood...

Robinhood Markets Inc. said Monday that an intruder gained access to its systems last week and made off with the personal information of millions of its users.

The trading app said in a blog post that the incident took place on Wednesday evening and that the breach has since been contained.

Email addresses for about five million Robinhood users were exposed, as were the full names of a different group of about two million users. The intruder also accessed more-extensive personal information for a subset of more than 300 users.

No Social Security numbers, bank-account numbers or debit-card numbers were exposed and customers haven’t experienced any financial losses, Robinhood said in the blog post.

The intruder was able to gain access to Robinhood systems by impersonating an authorized party to a customer-support employee on the phone, the company said.

Robinhood said a ransom payment was demanded after the hack was contained. The company said it has informed law enforcement and continues to investigate the incident.

Ransomware attacks are increasing in frequency, victim losses are skyrocketing and hackers are shifting their targets. WSJ’s Dustin Volz explains why these attacks are on the rise and what the U.S. can do to fight them. Photo illustration: Laura Kammermann The Wall Street Journal Interactive Edition

Write to Peter Rudegeair at Peter.Rudegeair@wsj.com