top of page

Services
Professional services
Security Risk Assessment
Expert-led, customized assessment with a clear fix-first roadmap.
Virtual CISO (vCISO)
Build your security program with senior guidance and execution.
Compliance as a Service (CaaS)
We build and run your compliance program so you stay audit-ready year-round.
Penetration Testing
Prove what’s exploitable before attackers do.
Incident Response
Incident response readiness plus on-call support when it counts.
Managed Services
Third-Party Risk Management
Securely manage vendor relationships from start to finish.
Security Awareness Training
Empower your team to recognize threats.
Email Security
Protect your inbox from phishing and spam.
Vulnerability Management
Continuous scanning and alerts for swift risk remediation.
Managed Detection & Response (MDR)
Quickly detect, respond, and recover from advanced threats.
Password Management
Secure, manage, and simplify passwords.
Dark Web Monitoring
Monitor exposed data before it’s used against you.
Industry
Healthcare
Ensure patient trust with robust data protection and compliance.
Financial Services
Safeguard financial data while meeting compliance at every level.
K-12 Education
Enhance student safety and privacy while supporting educational goals.
Framework
HIPAA
SOC 2
Additional frameworks
Simplify security: How to build your security program with NIST CSF 2.0
Download the ebook
Resources
Resources
Blog
Stay updated with the latest trends and insights in cybersecurity. From industry news to expert analyses, our blog keeps you informed.
Podcast
Listen to expert discussions on pressing cybersecurity issues. Featuring interviews and practical advice, our podcast keeps you engaged and informed.
Security community
Stay updated with the latest security news and join the conversation. Connect with peers, share insights, and leave comments on the most recent updates.
Guides and reports
Access comprehensive guides and reports with actionable insights and strategies to improve your security stance.
Master HIPAA: How to achieve compliance with our ultimate guide
Download the guide
Company
Contact
Partners

Free Cybersecurity Review

News

Public·3 members

George Sutton

George Sutton

George Sutton

February 10, 2026

Crypto Social Engineering at Scale: Breaking Down the Betterment Breach

February 10th, 2026

❓What:

On January 9, 2026, financial technology firm Betterment experienced a data breach after attackers carried out a successful social engineering attack against a third-party platform used for marketing and customer outreach.
Hackers gained unauthorized access to some internal systems and were able to send fraudulent cryptocurrency “promotion” messages — including promises to triple users’ crypto if they sent funds to attacker-controlled wallets.
Breach access was revoked quickly once detected. Betterment confirmed that no customer accounts, passwords or login credentials were accessed.

⚠️Impact:

Personal data exposed for a significant number of customers — reported by external monitors at approximately 1.4 million people — including names, email addresses, physical addresses, phone numbers, and dates of birth.
Attackers used exposed contact data to distribute targeted fraudulent crypto scam messages, potentially increasing risk of phishing and financial fraud aimed at victims.
Although core account security was intact (no login or financial data accessed), the breach underscores vulnerabilities in third-party integrations and the effectiveness of social engineering tactics.

💡Recommendations:

Strengthen Third-Party Risk Management: Conduct rigorous security reviews of all external platforms with access to customer data, including enforceable vendor security controls and MFA. Conduct reviews of organizational vendor risk management practices.
Enhance Social Engineering Defenses via Training: Train staff on detection and escalation of sophisticated social engineering attempts; implement simulated attack exercises.
Improve Customer Notifications & Alerts: Rapidly communicate confirmed breaches with clear guidance on how customers should respond to suspicious communications.
Segmentation & Least Privilege: Ensure any third-party tools have minimal access and rights needed to perform tasks, reducing lateral exposure.
Continuous Monitoring: Deploy real-time monitoring and anomaly detection for unusual outbound communications via integrated systems.

Read the full article HERE

38 Views

bottom of page