On January 9, 2026, Betterment reported a security breach that led to unauthorized access of limited customer information and the distribution of misleading messages.

The incident affected systems used for marketing and operational functions. The vulnerability was exploited through social engineering rather than a direct attack on Betterment’s main network infrastructure.

Personal details compromised included customers’ names, email addresses, postal addresses, phone numbers, and dates of birth. However, login credentials and account passwords were not breached.

Fraudulent Messages Circulated

Betterment discovered the unauthorized activity on the same day it occurred and took steps to secure accounts further. The attackers sent messages encouraging users to transfer funds to a fraudulent cryptocurrency wallet, promising significant returns.

An internal investigation involving an external cybersecurity expert was initiated immediately, with continued oversight. Customers were informed about the fraudulent message and advised against following any instructions received.

The extent of customer data affected and the number of individuals impacted were not disclosed by Betterment.

Investigations are ongoing, with no evidence pointing to unauthorized transactions or access to investment accounts linked to this breach.

Betterment did not provide additional details on the incident at the time of reporting.

The webpage detailing the breach included technical measures to prevent search engine indexing, limiting its visibility.