Automated investment platform Betterment has recently confirmed a security breach where hackers infiltrated their systems and gained access to the personal information of some customers. The breach, which occurred on January 9 through a social engineering attack on third-party platforms used by the company, compromised customer names, email addresses, postal addresses, phone numbers, and dates of birth.
According to Betterment, the hackers utilized the compromised access to send fraudulent notifications to users, falsely promising to triple the value of their cryptocurrency investments if they transferred $10,000 to a wallet controlled by the attackers. The company, known for its crypto investment options, has acknowledged the breach on its website but has not disclosed the exact number of customers affected or the extent of the data accessed by the hackers.
Upon detecting the attack on the same day, Betterment promptly revoked unauthorized access and initiated a thorough investigation with the assistance of a cybersecurity firm. The company reassured customers that no accounts were breached, and no login credentials were compromised in the incident. Betterment has also reached out to the affected customers, advising them to disregard any suspicious messages received.
Despite the breach, Betterment has not provided specific details about the attack, as representatives have yet to respond to inquiries for further information. Notably, the security incident page on Betterment’s website contains a hidden “noindex” tag, indicating a deliberate effort to restrict search engine access to information about the breach.