
On January 9, 2026, digital investment platform Betterment suffered a security incident after a threat actor successfully used social engineering to gain unauthorized access to third-party systems the company relies on for marketing and operational communications.
The breach resulted in fraudulent crypto-related messages being sent to a subset of Betterment customers, impersonating the company.
The incident did not stem from a technical breach of Betterment’s core infrastructure. Instead, the attacker exploited human trust by impersonating legitimate identities, allowing them to infiltrate external platforms integrated into Betterment’s business workflows. According to the company, once inside, the individual crafted and distributed misleading crypto offers designed to appear as official Betterment promotions.
Founded in 2008, Betterment is one of the largest independent digital investment advisors in the United States, with over $40 billion in assets under management. The company offers automated financial planning, robo-advisory services, and cash management tools, primarily targeting retail investors and small businesses. As a regulated financial entity handling sensitive personal and financial data, Betterment’s security posture is closely watched by customers and regulators alike.
The attacker’s access was promptly revoked after the fraudulent messages were sent, and Betterment launched a full-scale investigation. A cybersecurity firm has been brought in to assist with incident response and forensics. While Betterment affirms that no customer accounts were accessed and no passwords or credentials were compromised, the company acknowledges that the attacker likely accessed personal information, including:
- Names
- Email addresses
- Physical addresses
- Phone numbers
- Birth dates
Betterment has reached out directly to affected customers and is encouraging all users to be alert for further phishing attempts or suspicious communications. The firm reiterated that it never contacts customers to request sensitive credentials like passwords via phone, email, or text.
At the time of writing, the investigation is ongoing. Betterment plans to publish a post-incident review once the analysis is complete and has also committed to strengthening internal controls and employee training to reduce the risk of similar attacks in the future.






