- Betterment breach impacted 1,435,174 individuals, confirmed by Have I Been Pwned
- Attack stemmed from social engineering against an employee, leading to phishing emails sent via third-party platform access
- CrowdStrike investigation found no accounts or credentials compromised; exposed data limited to contact details and some personal information
We now know exactly how many people were affected by the recent data breach at Betterment – 1,435,174. The number was confirmed by Have I Been Pwned?, a company that aggregates email addresses stolen in various cyberattacks.
The investment platform revealed it had been hit in mid-January 2026, and its infrastructure used to send out phishing emails to customers.
At the time, the company said one of its employees was tricked, through social engineering, into sharing login credentials for a third-party software platform it uses.
Emails, names, and geo data
“This means the individual used identity impersonation and deception to gain access, rather than compromising our technical infrastructure,” the notification reads.
Without naming the platform that was abused, Betterment said that the attackers used their access to send “fraudulent, crypto-related messages that appeared to come from Betterment.” A “subset” of customers was targeted, and Betterment reached out to warn about the obvious phishing attack.
While the company did not say how many people were targeted in this attack, Have I Been Pwned said it analyzed the stolen files and concluded they contained 1.4 million records, including email addresses, names, and geographic location data.
Betterment also said that its investigation with CrowdStrike concluded that user accounts were not compromised in the attack.
“Our forensic investigation, supported by the cybersecurity firm, CrowdStrike, has confirmed that no customer accounts, passwords, or login information were compromised as part of the January 9 incident,” the company said.
“Our analysis continues to indicate that the primary privacy impact involved certain customer contact information, including names and emails. In a subset of cases, contact information was coupled with other customer information, such as physical addresses, phone numbers, or birthdates.”
Betterment has warned its customers to remain vigilant of potential phishing or social engineering attacks coming their way.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/CkEFJ8H9nxAMcFHj58XHiA-1600-80.jpg
Source link
