Fintech firm Betterment confirms a data breach occurred after hackers sent a fake cryptocurrency scam notification to users

Automated investment platform Optimization It confirmed that hackers penetrated some of its systems last week and accessed the personal information of an undisclosed number of its customers.

In an email sent on Monday, which was seen by TechCrunch, Betterment said hackers gained access to some of the company’s systems on January 9 via a social engineering attack, which involved “external platforms” the company uses for marketing and operations.

The company said customer names, email addresses, postal addresses, phone numbers and dates of birth were compromised in the attack.

Through this access, hackers were able to send a fraudulent notification to users, claiming to triple the value of their cryptocurrencies by sending $10,000 to a wallet controlled by the attacker, it was reported. Edge.

improvement that Allows customers To invest in cryptocurrencies as well Posted an ad about the hack on its website, but did not disclose how many customers were targeted, nor how many customers had their personal information accessed, stolen or seen by the hackers.

Betterment added that it discovered the attack the same day and “immediately canceled the unauthorized access and initiated a comprehensive investigation, which is ongoing” with the assistance of an unidentified cybersecurity firm. Betterment also said it had contacted customers targeted by the hackers and “advised them to ignore the message.”

“Our ongoing investigation continues to establish that no customer accounts were accessed and that no passwords or other login credentials were compromised,” Betterment wrote in the email.

Betterment representatives did not immediately respond to a request for comment seeking further details about the attack.

As of press time, Betterment’s security incident webpage Contains a hidden “noindex” tag In its source code, it tells search engines to ignore the page, making it difficult for anyone searching the web to discover information about the data breach.