Last updated 1 month ago
Betterment, an automated investment platform in the financial services sector, confirmed a data breach in January 2026. The incident exposed 1,435,174 unique customer records containing email addresses, names, and geographic location data. A subset of records also included dates of birth, phone numbers, and physical addresses.
The breach resulted from a social engineering attack where threat actors gained unauthorized access to customer data. Attackers used the compromised information to send fraudulent cryptocurrency investment messages to Betterment customers, directing them to send funds to attacker-controlled cryptocurrency wallets. The breach did not provide access to customer accounts and did not expose passwords or other login credentials.
Betterment's disclosure notice confirmed that customer accounts remained secure throughout the incident. The company has notified affected customers about the data exposure and the fraudulent messaging campaign.
Social engineering attack
This breach demonstrates how social engineering attacks against financial services companies can bypass technical controls to access sensitive customer data. The incident highlights the need for enhanced employee security awareness training and multi-factor authentication for internal systems handling customer information, particularly when attackers use compromised data for secondary fraud campaigns targeting customers directly.
Sign in to join the discussion.
Company
Industry
Location
Discovered
Disclosed
Records Affected
Attack Vector