Betterment Breach

In January 2026, the digital investment platform Betterment experienced a data breach stemming from a social engineering attack on its third-party marketing and operational systems. On January 9, unauthorized actors gained access to these external tools and used them to distribute fraudulent emails and push notifications to customers promoting a fake cryptocurrency scheme. While Betterment confirmed that its core financial infrastructure, customer login credentials, and investment accounts remained secure, the company disclosed that personal identifiable information (PII)-including names, email addresses, phone numbers, postal addresses, and dates of birth-was likely exposed during the incident. Betterment quickly revoked the unauthorized access, launched a forensic investigation, and advised users to disregard the fraudulent communications.