Automated investment platform Betterment has reported a breach in its systems by hackers who accessed personal information of an unspecified number of customers. The company disclosed the incident in an email sent out on Monday and confirmed that the breach occurred on January 9 through a social engineering attack involving third-party platforms used for marketing and operations.
The compromised data includes customer names, email and postal addresses, phone numbers, and dates of birth. Following the breach, the attackers sent out a fraudulent notification to users, falsely claiming they could triple the value of their cryptocurrency by sending $10,000 to a wallet controlled by the hackers.
Betterment, which enables cryptocurrency investments, has not revealed the number of customers affected or the extent of the information accessed. However, it emphasized in its communications that no customer accounts were accessed and no passwords or login credentials were compromised. The company swiftly detected the breach on the same day it occurred, immediately revoking unauthorized access and initiating a comprehensive investigation in collaboration with a cybersecurity firm.
The company has also reached out to the affected customers, advising them to disregard the fraudulent messages. Despite the unsettling nature of the breach, Betterment seeks to reassure its customers about the security of their accounts and continues to work diligently to resolve the issue.
Interestingly, at the time of publication, Betterment’s security incident webpage contains a “noindex” tag in its source code, which prevents search engines from indexing the page, thereby obscuring information about the breach from public search results. This decision has raised concerns regarding transparency and accessibility of information related to the incident.
As businesses face increasingly sophisticated cyber threats, the situation underscores the importance of robust security measures and proactive communication with customers in the aftermath of a breach. Betterment’s swift response and ongoing investigation may serve as a reminder of the urgency and diligence needed in addressing such vulnerabilities in the digital age.