Heads up: this post contains affiliate links. If you click through them we may earn a small commission at no cost to you. We only recommend tools and services we've actually tried. Full disclosure →

If you’re considering linking your bank accounts to Empower (formerly Personal Capital), you’re rightly checking its safety record first. Empower is a large, regulated company — but no platform is risk-free. This guide covers what’s actually known: financial strength, regulatory oversight, the breach history (no major customer-data breach disclosed), the lawsuits filed, Reddit consensus, and how Empower compares to alternatives like Fidelity Full View on safety.

For broader context, see Is Empower Worth It?.

📊 Try Empower Free →

Free dashboard · Eligibility and terms apply

What’s in this guide

The short answer

Empower is reasonably safe. The combination of:

  1. Regulated parent company — Empower Retirement is one of the largest retirement-plan administrators (~$1.5T+ AUM), heavily regulated by federal and state authorities.
  2. No publicly disclosed major customer data breach as of this writing.
  3. Read-only data access — Empower can’t move money in your accounts.
  4. Bank-grade encryption for data in transit and at rest.

The risk profile is comparable to Mint (when it existed), Rocket Money, and other major personal finance apps. Lawsuits exist (more on this below) but they relate to advisory and 401(k) administration disputes, not data security failures.

Who actually owns and operates Empower

Empower Retirement, LLC is the parent. It’s a major U.S. retirement-plan administrator (one of the top 5 by AUM). Owned by Great-West Lifeco Inc. (a major financial services company).

Empower acquired Personal Capital in August 2020 for $825 million. The Personal Capital app was rebranded to Empower Personal Wealth (Personal Dashboard for the free tools, Personal Wealth for the paid advisory).

This matters because:

  • Empower is a regulated financial entity with massive AUM.
  • Subject to federal regulation (SEC for advisory, ERISA for 401(k) administration).
  • Subject to state insurance regulators (Great-West owns insurance subsidiaries).
  • Required to maintain financial reserves and operational standards.

This isn’t a startup; Empower is established with billions in operations.

Empower’s regulatory oversight

Multiple regulators oversee Empower’s operations:

  1. SEC — for the advisory services (Empower Personal Wealth is a registered investment advisor).
  2. State Insurance Commissioners — for Great-West insurance subsidiaries.
  3. DOL (Department of Labor) — for 401(k) administration under ERISA.
  4. State securities regulators — in each state where Empower operates.
  5. FINRA — for broker-dealer activities of Empower’s subsidiaries.

This is heavy regulation, similar to the major brokers (Fidelity, Schwab, Vanguard).

Has Empower had a data breach

As of this writing (mid-2026), Empower (the financial services company) has not had a publicly disclosed major customer-data breach.

Important disambiguation: A separate, unrelated company called “Empower Management Group LLC” (a payment-processing/merchant-services firm) disclosed a breach of 6,331 individuals to the Texas Attorney General on October 9, 2024. This is NOT the Empower financial services company (Empower Retirement / Personal Capital) covered in this article. Different entities, different industries, no relationship.

There have been routine cybersecurity incidents (employee phishing attempts, unauthorized access attempts) — common across all major financial firms. Empower’s response has been routine: customer notifications where appropriate, credential resets, etc.

For comparison:

  • Personal Capital (Empower’s predecessor) — no major breach in its history.
  • Fidelity, Vanguard, Schwab — none have had major customer-data breaches in their respective histories.
  • Plaid (the data aggregator) — no public security breach. Note: Plaid paid a $58M class-action settlement with final approval in July 2022 (In re Plaid Inc. Privacy Litigation, N.D. Cal.) for alleged collection of more banking data than apps required. Not a breach but worth knowing if you care about data-handling history.
  • Yodlee (Empower’s aggregator) — clean record.

A major breach at Empower would likely trigger immediate regulatory scrutiny and SEC disclosure, so the absence of disclosed breaches is meaningful.

Empower lawsuits explained

Multiple lawsuits have been filed against Empower entities. Most fall into specific categories:

  1. ERISA / 401(k) administration disputes: claims by 401(k) plan participants alleging excessive fees or breach of fiduciary duty in 401(k) plans Empower administers. Common across the industry.

  2. Investment advisory disputes: claims by Empower Personal Wealth clients about specific investment outcomes or fee disclosures.

  3. Employment lawsuits: separate from customer issues; common across all large companies.

  4. Williams-Linzey et al. v. Empower Advisory Group (D.N.J., filed Aug 15, 2025): ERISA class action by Schlichter Bogard alleging Empower used participant data to push higher-fee managed accounts (allegedly up to ~1.35%). Status: active as of May 2026.

These lawsuits are publicly accessible records. Some have been settled, some dismissed, some pending.

Important context: lawsuit filings are not proven facts. Many lawsuits are filed by plaintiff attorneys; many are dismissed. Settlements often happen because settling is cheaper than litigation, not necessarily because the claims have merit.

For specific lawsuit details, search PACER (court records) or recent legal news.

Reddit consensus on Empower

Aggregated Reddit threads on r/personalfinance, r/investing, r/PersonalCapital:

On the free dashboard: Generally positive. Most users praise the visualizations, retirement planner, and Fee Analyzer.

On the paid advisory: Mixed-to-negative. Common complaints: high fees (0.89% AUM), aggressive sales calls, advisory not better than DIY index investing.

On 401(k) administration: Mixed. Users praise the platform availability; complain about high plan fees and sometimes-confusing fund choices.

On the rebrand from Personal Capital: Mixed. Some users prefer the old branding; others note the platform is the same.

On data security: Mostly positive. No widespread complaints about data security.

Common complaint patterns

Beyond the lawsuit-related issues, common day-to-day complaints:

  1. Advisory sales calls after signing up for free dashboard — Empower aggressively pursues users with $100K+ for advisory.
  2. Yodlee sync delays — some bank accounts sync poorly or stop syncing.
  3. Net worth calculations occasionally wrong — Yodlee misclassifies accounts or values.
  4. Limited customer service for free users — paid users get more support.
  5. App login issues — periodic sync problems with bank accounts.

None of these are catastrophic; mostly user-experience friction.

Read-only vs. read-write access

Empower’s bank account access is READ-ONLY through Yodlee.

This means:

  • Empower can view your transactions, balances, and holdings.
  • Empower cannot transfer money, withdraw, deposit, or initiate any action that moves your funds.
  • Empower cannot change your bank settings.

If a hacker compromised Empower tomorrow, the worst they could do is see your transaction history. They couldn’t drain your accounts.

This is the same as Mint (when it existed), Rocket Money, and Monarch.

Yodlee — the data aggregator

Empower uses Yodlee (now Envestnet | Yodlee) as its data aggregator, similar to how most apps use Plaid.

Yodlee’s profile:

  • Founded 1999.
  • Owned by Envestnet (taken private by Bain Capital in late 2024).
  • Serves 600+ banks and aggregators.
  • Strong security record.
  • Bank-grade encryption.

Yodlee handles your bank credentials directly (Empower never sees your password). If a Yodlee credential is compromised, the attacker would need to bypass your bank’s 2FA to do anything malicious.

Track your full picture in one free dashboard Empower’s free Personal Dashboard tracks net worth, retirement readiness, and fees across your bank, brokerage, and 401(k) accounts. Try Empower Free →

Steps to minimize your risk

If you’re using Empower or considering it:

  1. Strong unique password for Empower — different from your bank password.
  2. Enable 2FA on your bank — biggest single risk reducer.
  3. Use a password manager (1Password, Bitwarden).
  4. Review Empower’s account activity monthly — catch any suspicious behavior.
  5. Don’t reuse the same email + password anywhere.
  6. Disconnect accounts you don’t need linked.
  7. Update the app when prompted.
  8. Be wary of phishing — Empower doesn’t email asking for your bank password.
  9. Set bank alerts for large transactions.
  10. Periodically check breach databases like haveibeenpwned.com.

How Empower compares on safety

EmpowerFidelity Full ViewMint (sunset)Rocket MoneyMonarch
Data aggregatorYodleeFidelity’s own + PlaidPlaidPlaidPlaid
Read-only?
EncryptionAES-256AES-256Was AES-256AES-256AES-256
Breach recordCleanCleanWas cleanCleanClean
OwnerGreat-West (regulated)Fidelity (private)Was Intuit (public)Rocket (public)Privately held
RegulatorMultiple (SEC, DOL, state)MultipleWas multipleMultipleState
App qualityExcellentGoodWas goodGoodExcellent

All major personal finance apps have similar security architecture. Empower’s regulatory oversight (SEC, DOL, state) is on the higher end.

Empower is safe enough for typical users. The free dashboard is genuinely free with no obligation, and the read-only access via Yodlee mitigates most risks. If you're security-conscious, treat it like any major financial app — strong unique passwords, 2FA on your bank, monitor for suspicious activity.

Try Empower Free →

FAQ

Has Empower’s data been hacked?

No major customer data breach has been publicly disclosed as of this writing.

Are the lawsuits a sign of broader problems?

Lawsuits are common at all major financial firms. Empower’s lawsuit volume is consistent with peers.

Will Empower sell my data?

Empower’s privacy policy states they don’t sell personal data. They use it to identify advisory candidates.

Should I avoid linking my bank because of Yodlee?

Yodlee has a clean record. Most major personal finance apps use it or similar aggregators (Plaid).

What if my Empower password gets stolen?

Reset it immediately. Then verify your bank accounts haven’t been compromised (separate event). Yodlee’s tokens for your bank don’t expose the bank password to attackers.

Can hackers transfer money out of my Empower account?

For free dashboard users — no, it’s read-only. For advisory clients — your assets are at Schwab; an Empower hack doesn’t directly grant access to Schwab.

Is Empower better or worse than Mint was on safety?

Comparable. Both used standard bank-grade encryption. Mint sunset for strategic reasons, not security failures.

Will Empower notify me of a data breach?

Yes, by law and policy. They’d notify affected customers + regulators within required timeframes.

Can I cancel Empower because of safety concerns?

Yes — anytime. See How to Cancel Empower.

Should I get cybersecurity insurance for using Empower?

Probably not specifically for Empower. If you’re high-net-worth, consider general identity theft insurance or umbrella cyber coverage.


Related reading: