Betterment data breach exposes customer information

Automated investment platform Betterment confirmed a data breach occurred last week, compromising personal information of an undisclosed number of its customers. Hackers gained access to company systems on January 9 through a social engineering attack targeting third-party platforms used for marketing and operations, with further coverage provided by TechCrunch.

The breach allowed attackers to access customer names, email addresses, postal addresses, phone numbers, and dates of birth. Exploiting this access, hackers sent a fraudulent notification to users, falsely claiming to triple cryptocurrency value if users sent funds to an attacker-controlled wallet. Betterment stated that while personal information was accessed, no customer accounts, passwords, or login credentials were compromised. The company detected the attack on the same day, revoked access, and launched an investigation with a cybersecurity firm. Customers targeted by the fraudulent message have been advised to disregard it.

The incident highlights the ongoing risks associated with social engineering attacks and the vulnerability of third-party platforms. The inclusion of a hidden "noindex" tag on Betterment's security incident page raises questions about transparency.

Source: TechCrunch