Betterment Confirms Hackers Accessed Internal Systems

A prominent digital wealth management platform confirmed on January 9, 2026, that its internal systems were compromised. The intrusion, attributed to a sophisticated social engineering attack, allowed an unauthorized individual to gain access.

Enabling them to impersonate the company and distribute fraudulent cryptocurrency-related messages to a subset of customers.

The attacker used identity impersonation and social engineering tactics to breach Betterment’s systems, rather than exploiting technical vulnerabilities in its infrastructure.

The unauthorized access specifically targeted third-party software platforms that Betterment relies upon for marketing operations and customer communications.

Following the initial compromise, the threat actor leveraged the access to send a fraudulent crypto promotion message appearing to originate from Betterment’s official channels to affected customers.

Betterment stated that customers who received the unauthorized message have been directly contacted and advised to disregard it.

The company emphasized that the crypto offer is not legitimate and should be treated as a phishing attempt.

Upon detecting the fraudulent message on January 9, Betterment’s security teams immediately revoked the unauthorized access and initiated a comprehensive investigation.

The company has engaged a leading third-party cybersecurity firm to support forensic analysis and incident response. As of the latest update on January 10, the investigation remains ongoing.

Data Exposure and Security Implications

Betterment confirmed that no customer accounts were directly compromised and no passwords or login credentials were stolen.

However, the unauthorized individual did access specific customers’ personally identifiable information (PII), including names, email addresses, physical addresses, phone numbers, and birthdates.

The company indicated it would provide additional details regarding the scope of exposed data once the investigation concludes. Betterment emphasized that multiple security layers protect customer accounts.

The company is reviewing and strengthening its controls and employee training programs to prevent future social engineering attempts.

Betterment plans to publish a comprehensive post-incident review upon completion of its investigation.

The company advised all customers to remain vigilant against unsolicited communications. It reiterated that Betterment will never request sensitive information via phone, text, or email.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.