
Have I Been Pwned (HIBP) has added data from the January 2026 Betterment breach to its repository of compromised credentials, confirming that 1.4 million accounts were affected.
According to the breach monitoring platform, three-quarters of the exposed email addresses had already appeared in previous data breaches tracked by HIBP.
The breach originated from a social engineering attack targeting third-party services used by Betterment for marketing and communication. Although the company’s core infrastructure wasn’t compromised, attackers exploited their access to external systems to send fraudulent cryptocurrency investment messages to customers. The phishing messages promised high returns and directed users to send funds to attacker-controlled cryptocurrency wallets.
Betterment, founded in 2008, is one of the largest independent digital investment advisors in the United States, managing over $40 billion in assets. The platform provides robo-advisory financial planning services, retirement accounts, and cash management solutions, serving individual investors and small businesses. Its regulatory obligations and large client base make it a high-value target for financially motivated threat actors.
Initial reports of the breach surfaced last month, following the discovery of fraudulent messages purporting to be from Betterment. The attackers gained access by impersonating legitimate identities and exploiting trust within the company’s integrated third-party services. The campaign was contained quickly, and Betterment confirmed that attackers had no access to internal systems, customer accounts, or credentials such as passwords.
However, the compromise exposed a broad range of personal information. According to HIBP’s entry, the leaked data includes:
- Names
- Email addresses
- Geographic location data
- Physical addresses
- Phone numbers
- Dates of birth
- Device information
- Job titles
- Employers
While not all fields were exposed for every affected individual, even partial datasets of this kind pose serious risks of future phishing, identity theft, or social engineering attacks.
In response to the breach, Betterment engaged external cybersecurity experts to assist with the investigation and began notifying affected customers directly. The company emphasized that it will never request sensitive information, such as passwords or account details, via unsolicited communication and encouraged users to remain vigilant against further phishing attempts.
Users impacted by the breach should be cautious of emails or texts claiming to be from Betterment or related financial services, particularly those promoting cryptocurrency offers. Multi-factor authentication (MFA) should be enabled on all accounts where available. It is also advisable to monitor credit activity and consider identity protection services.






