Robo-advisory firm Betterment has disclosed a cybersecurity incident involving a social engineering attack that resulted in unauthorized access to systems associated with third-party software platforms used for marketing and operational activities.
The company stated that the incident did not involve a breach of Betterment’s internal infrastructure. Instead, a threat actor exploited access to external platforms and, on January 9, sent fraudulent cryptocurrency-related messages to a limited number of Betterment customers while impersonating the firm.
The messages falsely claimed that Betterment would triple new deposits sent to specific Bitcoin and Ethereum wallet addresses controlled by the attacker, with the intent of tricking recipients into transferring funds.
Betterment said it immediately revoked the unauthorized access after identifying the fraudulent messages and launched an investigation, which remains ongoing. The company also confirmed that it notified affected customers directly about the scam.
According to Betterment, no customer accounts were accessed, and no passwords or other login credentials were compromised. In a notice issued on January 10, the firm stated that customer accounts remained secure even if recipients clicked on links included in the fraudulent message.
However, Betterment later disclosed that the threat actor may have accessed certain customer information, including names, addresses, email addresses, phone numbers, and dates of birth. The company has not disclosed how many individuals may have been impacted.
Betterment advised customers to remain cautious of unexpected communications and reiterated that it will never request passwords or sensitive personal information via phone calls, text messages, or emails.
