Betterment Confirms Security Incident After Unauthorized Crypto Message
Betterment has confirmed a security incident in which an unauthorized individual gained access to certain internal systems and sent a fraudulent, crypto-related message to a subset of customers. The company says the incident was the result of social engineering, not a breach of its core technical infrastructure.
What Happened
On January 9, an attacker impersonated a trusted identity and used deception to access third-party software platforms that Betterment uses for marketing and operational support. Using that access, the attacker sent a message that appeared to come from Betterment and promoted a fraudulent cryptocurrency offer.
The message was not authorized by Betterment.
What Did Not Happen
According to the company:
- No customer investment accounts were accessed
- No passwords or login credentials were compromised
- No trading activity was affected
- Betterment’s core systems were not breached
The incident did not involve a technical hack of Betterment’s infrastructure.
What Data May Have Been Accessed
Betterment believes the attacker accessed certain customer contact and profile information, including:
- Names
- Email addresses
- Physical addresses
- Phone numbers
- Birthdates
The company has not yet disclosed how many customers were affected and says its investigation is ongoing.
How Betterment Responded
Once the unauthorized activity was identified:
- Access was immediately revoked
- A formal investigation was launched
- An external cybersecurity firm was engaged
- Affected customers were contacted directly
- Additional controls and training are being reviewed and strengthened
Betterment has stated it will publish a post-incident review once the investigation is complete.
Why This Matters
This incident highlights a growing security reality: attacks increasingly target people and trusted tools, not just technology. Even when core systems remain secure, compromised access to third-party platforms can still enable convincing scams and expose personal data.
For customers, the primary risk is follow-on phishing or impersonation attempts, not direct account compromise.
Betterment has reiterated that it will never ask customers to share passwords or sensitive information via email, text, or phone.
The post Betterment Confirms Security Incident After Unauthorized Crypto Message appeared first on Centraleyes.
*** This is a Security Bloggers Network syndicated blog from Centraleyes authored by Rebecca Kappel. Read the original post at: https://www.centraleyes.com/betterment-confirms-security-incident/
