Cybersecurity incident response teams at Betterment, a US-based financial technology firm that offers automated investment and savings accounts, confirmed that personal data from about 14 million customer accounts was accessed by an unauthorised third party. The company said the breach involved sensitive information stored in internal systems and was detected in late January 2026.
Betterment said the compromised data includes names, email addresses, postal addresses, dates of birth, and other personal details associated with customers’ accounts. The company emphasised that external account access, login credentials, and financial account numbers were not accessed in the breach, and that no transfers or withdrawals of customer funds have been detected. Betterment also stated that customers’ investment holdings and balances remain secure.
The firm said it detected unusual activity on its systems in late January and launched an investigation with independent cybersecurity specialists and law enforcement. Betterment did not disclose the specific method used by the attacker to gain access, but said steps have been taken to contain the incident and to secure its environment. The company notified affected customers and is offering identity protection services. Notifications include guidance on recognising phishing and other suspicious communications that may follow the incident.
Officials at Betterment said they are reviewing existing security measures and will implement additional safeguards to enhance the protection of customer data. The company reiterated that it has no evidence of unauthorised access to customer login credentials or financial assets. It also confirmed that accounts protected by multifactor authentication were not directly compromised.
Regulatory bodies and financial industry partners were informed of the breach and are monitoring actions taken by Betterment in response. Industry analysts noted that data breaches involving personal information can increase the risk of scams and identity theft if contact details and other personal information are used in targeted attacks.
Law enforcement agencies are assisting with the investigation and have advised organisations to report any related suspicious activity. Betterment said it will provide updates as its review continues and as additional information becomes available about the scope and origin of the breach.