How did the Betterment breach occur?

The breach occurred on January 9, 2026, through a social engineering attack targeting third-party platforms Betterment uses for marketing and operations.

What data was exposed in the Betterment incident?

Exposed data includes customer names, email addresses, postal addresses, phone numbers, and dates of birth.

Were Betterment user passwords or accounts compromised?

Betterment stated that no customer accounts were accessed and no passwords or login credentials were compromised during the attack.

What was the nature of the scam sent to users?

Attackers sent fake notifications promising to triple Bitcoin or Ethereum deposits if users sent up to $10,000 to a specific wallet address.

How did Betterment respond to the breach?

Betterment revoked unauthorized access, launched an investigation with a security firm, and notified affected customers to disregard the fraudulent messages.

Incident

Betterment investment advisor reports data breach, crypto scam notification

published: Jan. 13, 2026

Learn More

Betterment, a digital investment advisor, reports that attackers broke into its systems on January 9, 2026.

The breach started with a social engineering attack against third-party platforms the company uses for marketing and operations. Betterment detected the intrusion the same day and stopped the unauthorized access.

The company hired an outside security firm to investigate the event and claims that its core systems and user accounts remain secure.

The attackers used their access to send fake notifications to Betterment users through the official mobile app and email channels. These messages tried to trick people into a cryptocurrency scam by promising to triple the value of Bitcoin or Ethereum deposits. The fraudulent offer claimed users could receive up to $30,000 if they sent $10,000 to a specific wallet within a three-hour window. Betterment has told users to ignore these messages and confirmed that the promotion was fake.

The company claims no one accessed actual customer accounts or stole passwords but the attackers did reach sensitive personal data stored within the compromised marketing tools. The compromised data includes:

Full customer names
Email addresses
Postal addresses
Phone numbers
Dates of birth

The number of affected individuals is not disclosed.

Betterment posted a notice on its website but added a "noindex" tag to the page's code. This tag prevents search engines from showing the page in search results, making the breach harder for the public to find.

Affected users should monitor their accounts for suspicious activity and be careful of phishing attempts.

Update - As of 5th of February 2026, Have I Been Pwned (HIBP) claims a cyberattack on Betterment affected roughly 1.4 million users. HIBP says the dataset tied to the attack contains approximately 1.4 million unique email addresses, and partial personal information that aligns with details reported by Betterment. The company has not publicly confirmed how many customers were affected by January's incident.

Betterment investment advisor reports data breach, crypto scam notification

Read More
Emerald Financial Services reports MOVEit related data breach
Cadence Bank reports MOVEit related data breach
Roundpoint clients exposed due to MOVEit related data …
Akira Ransomware Group claims breach of Ellafi Federal …
0G Foundation reports $520,000 security breach through exploitation …