Betterment
Medium Impact•
1,435,174 records affected
•
HaveIBeenPwned
Description
In January 2026, the automated investment platform Betterment confirmed it had suffered a data breach attributed to a social engineering attack. As part of the incident, Betterment customers received fraudulent crypto-related messages promising high returns if funds were sent to an attacker-controlled cryptocurrency wallet. The breach exposed 1.4M unique email addresses, along with names and geographic location data. A subset of records also included dates of birth, phone numbers, and physical addresses. In its disclosure notice, Betterment stated that the incident did not provide attackers with access to customer accounts and did not expose passwords or other login credentials.
What to do if you're affected
- 1.Change your password immediately if you have an account with this service
- 2.Enable two-factor authentication (2FA) wherever possible
- 3.Check if your email appears in the breach using Have I Been Pwned
- 4.Monitor your accounts for suspicious activity
- 5.Consider using a password manager to generate unique passwords