Betterment confirms social engineering attack exposed customer personal data

Automated investment platform Betterment has confirmed that hackers gained unauthorized access to some of its systems last week through a social engineering attack, exposing personal information belonging to an undisclosed number of customers.

The intrusion occurred on January 9, when an unauthorized individual accessed Betterment systems through third-party platforms used for marketing, operations, and customer communications. The company said the attack relied on identity impersonation and deception rather than a direct compromise of its core technical infrastructure.

Betterment confirmed that customer names, email addresses, physical mailing addresses, phone numbers, and dates of birth were accessed. The company stated that no customer accounts were entered and that no passwords or login credentials were compromised.

Using the unauthorized access, the attacker sent fraudulent messages to some customers promoting a fake cryptocurrency offer that claimed to triple the value of users’ crypto holdings in exchange for sending $10,000 to a wallet controlled by the attacker. Betterment allows customers to invest in cryptocurrency but said the message was not legitimate and did not originate from the company.

The company said it detected the activity on the same day it occurred, immediately revoked the unauthorized access, and launched an ongoing investigation with the assistance of a cybersecurity firm. Customers who received the fraudulent message were contacted and advised to disregard it.

In a series of updates issued between January 9 and January 12, Betterment said it found no evidence that customer funds were accessed or that account security was compromised, even if recipients clicked on the fraudulent notification. The company said the attacker was able to pose as Betterment only through the compromised third-party systems.

Betterment has not disclosed how many customers were affected or how long the unauthorized access persisted. As of publication, the company’s security incident webpage includes technical instructions that prevent search engines from indexing the page, limiting its visibility in online search results.

The company said it is continuing to investigate the incident and is reviewing and strengthening internal controls and employee training to reduce the risk of future social engineering attacks. Customers were urged to remain cautious of unexpected communications and reminded that Betterment will never request passwords or sensitive personal information.