Betterment — 1.4M accounts
Severity: Medium · Kind: Data breach
We've ingested this item but haven't summarised it yet. Read the upstream advisory using the link below in the meantime — the AI summary will appear here once the next run completes.
From the source
In January 2026, the automated investment platform Betterment confirmed it had suffered a data breach attributed to a social engineering attack . As part of the incident, Betterment customers received fraudulent crypto-related messages promising high returns if funds were sent to an attacker-controlled cryptocurrency wallet. The breach exposed 1.4M unique email addresses, along with names and geographic location data. A subset of records also included dates of birth, phone numbers, and physical addresses. In its disclosure notice , Betterment stated that the incident did not provide attackers with access to customer accounts and did not expose passwords or other login credentials.
Breach facts
- Accounts affected
- 1,435,174
- Verified
- Yes
- Sensitive
- No
- Domain
- betterment.com
- Data exposed
- Dates of birthDevice informationEmail addressesEmployersGeographic locationsJob titlesNamesPhone numbersPhysical addresses
Was this useful?
Plain-English summaries are AI-generated and reviewed for tone, not technical accuracy. For incident response, always rely on the original source linked above.