Betterment Confirms Data Breach After Hackers Send Fake Crypto Scam Notifications to Users

Automated investment platform Betterment has confirmed that hackers gained unauthorized access to parts of its systems last week, exposing personal information of an undisclosed number of customers.

In an email sent to users on Monday, Betterment said the attackers accessed specific company systems on January 9 through a social engineering attack. The incident involved “third-party platforms” that Betterment uses for marketing and operational purposes.

According to the company, the compromised data included customer names, email addresses, postal addresses, phone numbers, and dates of birth.

Using that access, the attackers sent fraudulent messages to users promoting a crypto scam. The messages falsely claimed users could triple the value of their cryptocurrency by sending $10,000 to an attacker-controlled wallet, as previously reported by The Verge.

Betterment, which allows customers to invest in cryptocurrency, also posted a notice about the breach on its website. However, the company did not disclose how many customers were targeted or how many had their personal information accessed, viewed, or stolen.

The company said it detected the intrusion the same day it occurred and “immediately revoked the unauthorized access and launched a comprehensive investigation,” which is still ongoing. The investigation is being conducted with assistance from an external cybersecurity firm. Betterment also said it contacted affected customers and advised them to ignore the fraudulent messages.

“Our ongoing investigation has continued to demonstrate that no customer accounts were accessed and that no passwords or other log-in credentials were compromised,” Betterment said in the email.

Representatives for Betterment did not immediately respond to requests for additional comment or clarification about the scope of the breach.

As of publication, Betterment’s online security incident notice includes a hidden “noindex” tag in its source code, which instructs search engines not to index the page, making information about the breach harder to discover through web searches.