Robo-advisor Betterment has disclosed a data breach that exposed the personal information of nearly 1.4 million customers. The breach was claimed by the hacking group ShinyHunters, which has been linked to numerous high-profile data breaches in recent years. The exposed data potentially includes names, email addresses, account details, and financial information from one of the largest automated investment platforms in the United States.
Learn what to do if your financial data is exposed in a breach on OpenClassActions.com.
What Happened
Betterment, which manages billions of dollars in assets for retail investors, confirmed the security incident after the ShinyHunters hacking group claimed responsibility. ShinyHunters is the same group behind breaches at Panera Bread, AT&T, and numerous other companies. The group is known for stealing large datasets and either selling them on dark web forums or using them for extortion.
For a financial services platform, this breach is especially serious. Betterment customers trust the platform with their investment portfolios, bank account linkages, Social Security numbers, and tax information. Any exposure of this data creates significant risks for financial fraud, tax identity theft, and unauthorized account access.
Who Is Affected
Approximately 1.4 million Betterment customers are affected. If you have or had a Betterment account, you should assume your data may have been compromised until the company provides more specific information about which accounts were involved.
What You Should Do
Change your Betterment password immediately and enable two-factor authentication if you haven’t already. Review your linked bank accounts for unauthorized transactions. Monitor your credit reports for new accounts opened in your name. If you provided your Social Security number to Betterment (required for investment accounts), consider placing a credit freeze with all three bureaus and requesting an IRS Identity Protection PIN for the upcoming tax season.
This article is for informational purposes only and does not constitute legal advice. Written by Steve Levine for OpenClassActions.org.