Betterment Hack Exposes Customer Data in Crypto Scam

Betterment, the automated investment platform, has confirmed that cybercriminals breached its systems last week and accessed personal information belonging to an undisclosed number of customers.

At a Glance

  • Hackers used social engineering via third-party marketing and operations platforms on January 9
  • Compromised data includes names, emails, postal addresses, phone numbers, and birth dates
  • Fraudulent crypto promise sent to users offered to triple balances for a $10,000 transfer
  • Why it matters: The breach highlights how social-engineering attacks on third-party vendors can expose fintech customer data and enable follow-up crypto scams

In an email reviewed by News Of Philadelphia, Betterment said the intrusion began January 9 when attackers leveraged “third-party platforms” the company uses for marketing and operations. The technique, known as social engineering, tricks employees or systems into granting unauthorized access.

Once inside, the intruders viewed customer names, email addresses, postal addresses, phone numbers, and dates of birth. Michael A. Turner reported that the hackers then used this access to blast users with a fake notification. The message claimed recipients could triple their crypto holdings by sending $10,000 to a wallet controlled by the attacker, according to coverage by The Verge.

Betterment offers cryptocurrency investing alongside traditional portfolios, giving the fraudulent pitch a veneer of legitimacy for recipients.

Scope and Response

The company has not revealed how many of its more than 800,000 accounts were affected. In a website notice posted after the incident, Betterment repeated that it spotted the breach on January 9 and “immediately revoked the unauthorized access and launched a comprehensive investigation, which is ongoing.” An outside cybersecurity firm is assisting, though its name was not disclosed.

Affected customers received direct outreach. “We have reached out to the customers targeted by the hackers and advised them to disregard the message,” Betterment wrote in the customer email.

The firm also stressed that account credentials remain intact. “Our ongoing investigation has continued to demonstrate that no customer accounts were accessed and that no passwords or other log-in credentials were compromised,” the email added.

Representatives for Betterment did not immediately respond to News Of Philadelphia’s request for additional details about the attack methodology or the third-party services involved.

Hidden Breach Notice

While Betterment posted a security-incident explanation on its website, the page contains a “noindex” tag in its HTML. The tag instructs search engines to skip the page, making the disclosure harder to find via web searches. The tag was still present at publication time.
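
For site owners who want to confirm that their own incident notices are discoverable, the following added example (not from the article or from Betterment) reports whether a page carries a noindex directive, either in a robots meta tag or in an X-Robots-Tag response header. The sample HTML is constructed, and the names `RobotsMetaParser` and `noindex_sources` are illustrative.

```python
from html.parser import HTMLParser

# Directive tokens that keep a page out of search results ("none" = noindex, nofollow).
BLOCKING = {"noindex", "none"}


class RobotsMetaParser(HTMLParser):
    """Collects <meta name="robots"> and crawler-specific meta directives."""

    def __init__(self, crawlers=("robots", "googlebot", "bingbot")):
        super().__init__()
        self.crawlers = set(crawlers)
        self.found = []  # list of (meta name, set of directive tokens)

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        name = a.get("name", "").strip().lower()
        if name in self.crawlers:
            tokens = {t.strip().lower() for t in a.get("content", "").split(",")}
            self.found.append((name, tokens))


def noindex_sources(html, headers=None):
    """Return where a noindex directive comes from: meta tags and/or X-Robots-Tag."""
    parser = RobotsMetaParser()
    parser.feed(html)
    sources = [f"meta:{name}" for name, tokens in parser.found if tokens & BLOCKING]
    for key, value in (headers or {}).items():
        if key.lower() == "x-robots-tag":
            # Value may be "noindex" or "googlebot: noindex, nofollow".
            directives = value.split(":", 1)[-1]
            if {t.strip().lower() for t in directives.split(",")} & BLOCKING:
                sources.append("header:x-robots-tag")
    return sources


# Constructed sample pages, not the actual notice.
HIDDEN = '<html><head><META NAME="Robots" CONTENT="NOINDEX, follow"><title>Notice</title></head></html>'
VISIBLE = '<html><head><meta name="robots" content="index, follow"></head><body>noindex</body></html>'

if __name__ == "__main__":
    print(noindex_sources(HIDDEN))
    print(noindex_sources(VISIBLE, {"X-Robots-Tag": "noindex"}))
```

The word "noindex" in body text is ignored; only the meta attributes and the response header count, which is why the header must be checked separately from the HTML.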

Key Takeaways

  • Social engineering remains a top entry point for breaches, even at regulated fintechs
  • Third-party marketing and operations tools can become weak links in security chains
  • Customers should disregard unsolicited investment offers, especially those demanding upfront transfers
  • Breach notifications hidden from search engines may reduce public awareness and timely user action

Author

  • I’m Michael A. Turner, a Philadelphia-based journalist with a deep-rooted passion for local reporting, government accountability, and community storytelling.

    Michael A. Turner covers Philadelphia city government for Newsofphiladelphia.com, turning budgets, council votes, and municipal documents into clear stories about how decisions affect neighborhoods. A Temple journalism grad, he’s known for data-driven reporting that holds city hall accountable.
