{“lastseen”:”2026-02-18T18:05:10″,”description”:”Betterment LLC is an investment advisor registered with US Securities and Exchange Commission (SEC). The company disclosed a January 2026 incident in which an attacker used social engineering to access a third\u2011party platform used for customer communications, then abused it to send crypto\u2011themed phishing messages and exfiltrate contact and identity data for more than a million people.\\n\\nWhat makes this particularly concerning is the depth of the exposed information. This isn\u2019t just a list of email addresses. The leaked files include retirement plan details, financial interests, internal meeting notes, and pipeline data. It’s information that gives cybercriminals real context about a person\u2019s finances and professional life.\\n\\nWhat\u2019s worse is that ransomware group Shiny Hunters claims that, since Betterment refused to pay their demanded ransom, it is publishing the stolen data.\\n\\n\\n\\nWhile Betterment has not revealed the number of affected customers in its online communications, general consensus indicates that the data of 1.4 million customers was involved. And now, every cybercriminal can download this information at their leisure.\\n\\nWe analyzed some of the data and found one particularly worrying CSV file with detailed data on 181,487 people. This file included information such as:\\n\\n * Full names (first and last)\\n * Personal email addresses (e.g., Gmail)\\n * Work email addresses\\n * Company name and employer info\\n * Job titles and roles\\n * Phone numbers (both mobile and work numbers)\\n * Addresses and company websites\\n * Plan details\u2014company retirement\/401k plans, assets, participants\\n * Survey responses, deal and client pipeline details, meeting notes\\n * Financial needs\/interests (e.g., requesting a securities-backed line of credit for a house purchase)\\n\\n\\n\\n* * *\\n\\n## See if your personal data has been exposed. \\n\\nSCAN NOW\\n\\n* * *\\n\\nThis kind of data is a gold mine for phishers, who can use it in targeted attacks. It has enough context to craft convincing, individually tailored phishing emails. For example:\\n\\n * Addressing someone by their real name, company, and job title\\n * Referencing the company\u2019s retirement or financial plans\\n * Impersonating Betterment advisors or plan administrators\\n * Initiating scam calls about financial advice\\n\\n\\n\\nCombined with data from other breaches it could even be worse and lead to identity theft.\\n\\n## What to do if your data was in a breach\\n\\nIf you think you have been affected by a data breach, here are steps you can take to protect yourself:\\n\\n * **Check the company\u2019s advice.** Every breach is different, so check with the company to find out what\u2019s happened and follow any specific advice it offers.\\n * **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don\u2019t use for anything else. Better yet, let a password manager choose one for you.\\n * **Enable two-factor authentication (2FA****).** If you can, use a FIDO2-compliant hardware key, laptop, or phone as your second factor. Some forms of 2FA can be phished just as easily as a password, but 2FA that relies on a FIDO2 device can\u2019t be phished.\\n * **Watch out for impersonators.** The thieves may contact you posing as the breached platform. Check the official website to see if it\u2019s contacting victims and verify the identity of anyone who contacts you using a different communication channel.\\n * **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.\\n * **Consider not storing your card details**. It\u2019s definitely more convenient to let sites remember your card details, but it increases risk if a retailer suffers a breach.\\n * **Set up identity monitoring**, which alerts you if your personal information is found being traded illegally online and helps you recover after.\\n\\n\\n\\nUse Malwarebytes\u2019 free Digital Footprint scan to see whether your personal information has been exposed online.\\n\\nSCAN NOW\\n\\n* * *\\n\\n**We don ‘t just report on threats\u2014we help safeguard your entire digital identity**\\n\\nCybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.”,”published”:”2026-02-18T17:09:02″,”modified”:”2026-02-18T17:09:02″,”type”:”malwarebytes”,”title”:”Betterment data breach might be worse than we thought”,”source”:””,”references”:””,”id”:”MALWAREBYTES:C27A28885D058D0892D2394E8ADF89D6″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2026\/02\/betterment-data-breach-might-be-worse-than-we-thought”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-02-18T18:05:10″,”description”:”Betterment LLC is an investment advisor registered with US Securities and Exchange Commission (SEC). The company disclosed a January 2026 incident in which an attacker…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-41401","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n