What Happened
Betterment disclosed that its systems were compromised in mid‑January 2026 when an employee fell victim to a social‑engineering phishing attack, inadvertently sharing login credentials for a third‑party software platform.
Scope of the Breach
Security researcher Have I Been Pwned analyzed the stolen files and confirmed that 1,435,174 records were exposed. The data set includes email addresses, names and geographic location information.
Investigation Findings
Betterment engaged the cybersecurity firm CrowdStrike to conduct a forensic investigation. The investigation concluded that no customer accounts, passwords or other login credentials were compromised during the incident.
Potential Impact on Users
While passwords remained safe, the breach did expose personal contact details. In a subset of records, additional information such as physical addresses, phone numbers or birthdates was also present.
- Email addresses
- Full names
- Geographic location data
- Physical addresses (in some cases)
- Phone numbers (in some cases)
- Birthdates (in some cases)
What Betterment Recommends
Customers are urged to remain vigilant for phishing or social‑engineering attempts, to verify any unexpected communications, and to follow standard security best practices such as using unique passwords and enabling multi‑factor authentication.