What Happened
On January 9, 2026, Betterment, a digital investment platform managing over $65 billion in assets for more than one million customers, suffered a data breach via a social engineering attack, where an unauthorized individual impersonated a trusted party to access third-party software platforms used for marketing and operations, rather than exploiting core technical vulnerabilities. The attacker sent fraudulent cryptocurrency scam messages—claiming to triple deposits to attacker-controlled Bitcoin and Ethereum wallets—to a subset of customers, while accessing personally identifiable information (PII) including names, email addresses, physical addresses, phone numbers, and birthdates of an undisclosed number of individuals; no customer accounts, passwords, login credentials, or trading activity were compromised. Betterment detected the breach the same day, revoked access, notified affected customers to disregard the messages, engaged a leading cybersecurity firm for an ongoing investigation, and later mitigated a separate DDoS attack on January 13 that caused temporary service disruptions but did not impact security. (Note: A separate January 26 incident attributed to ShinyHunters claiming a 1.6GB leak appears unconfirmed by primary sources and may relate to this event.)
