Automated investment platform Betterment has confirmed that hackers broke into some of its systems last week and accessed the personal information of an undisclosed number of its customers. In an email sent on Monday, Betterment explained that hackers gained access to some company systems on January 9 through a social engineering attack. This attack involved third-party platforms that the company uses for marketing and operations.
The company stated that customer names, email addresses, postal addresses, phone numbers, and dates of birth were compromised. With this access, hackers were able to send a fraudulent notification to users. This message falsely claimed to triple the value of their crypto by sending ten thousand dollars to a wallet controlled by the attacker.
Betterment, which allows customers to invest in crypto, also published an announcement about the breach on its website. The company did not disclose how many customers were targeted, nor how many had their personal information accessed, stolen, or seen by the hackers.
Betterment added that it detected the attack on the same day and immediately revoked the unauthorized access. The company launched a comprehensive investigation, which is ongoing, with the help of an unspecified cybersecurity firm. Betterment also said it has reached out to the customers targeted by the hackers and advised them to disregard the fraudulent message.
The company wrote that its ongoing investigation has continued to demonstrate that no customer accounts were accessed and that no passwords or other log-in credentials were compromised.
Representatives for Betterment did not immediately respond to a request for comment asking for more details about the attack. As of the time of publication, Betterment’s security incident web page contains a hidden tag in its source code which tells search engines to ignore the page. This makes it more difficult for anyone searching the web to discover information about the data breach.