Betterment Data Breach Exposes PII of Customers

On Jan. 9, 2026, Betterment experienced a data breach involving unauthorized access to certain company systems. The breach was the result of a social engineering attack, where an individual used identity impersonation and deception to gain access, rather than exploiting technical vulnerabilities.

Once inside, the unauthorized individual sent a fraudulent crypto-related message that appeared to come from Betterment to a subset of customers.

According to its customer update page, an ongoing investigation has found no evidence that customer accounts, passwords or log-in credentials were compromised.

However, Betterment has determined that the attacker did access personally identifiable information (PII) such as certain names, email addresses, physical addresses, phone numbers and birthdates.

The company has not disclosed the exact number of affected individuals, but the incident was significant enough to prompt a comprehensive investigation and public notification.

Betterment's response

After discovering the breach, Betterment revoked the unauthorized access and launched a thorough investigation with a leading cybersecurity firm, which remains ongoing. The company is working to strengthen its internal controls and train employees to better defend against future social engineering attempts.

Betterment has communicated directly with affected customers, urging them to disregard the fraudulent crypto offer and to remain vigilant for any unexpected communications. Customers are reminded that Betterment will never call, text or email to request passwords or other sensitive personal information.

Given the nature of the breach, affected individuals should be cautious of phishing attempts, monitor their accounts for suspicious activity and be wary of any communications claiming to be from Betterment that request sensitive information. It is also advisable to review personal security practices, such as enabling multi-factor authentication where available.