Fintech Firm Figure Discloses Data Breach After Phishing Attack
- 5 days ago
Key Findings
- Blockchain-based lending firm Figure confirmed a data breach after an employee fell victim to a social engineering attack.
- Hackers were able to access and steal a limited number of files, including personally identifiable information (PII) of Figure's customers.
- The cybercrime group ShinyHunters claimed responsibility for the breach and released about 2.5GB of stolen data, which included names, addresses, birth dates, and phone numbers.
- Figure has started notifying affected individuals and is offering free credit monitoring to those who receive a breach notice.
- The company has not shared the number of impacted users or when the breach was discovered.
Background
Figure Technology Solutions, Inc. is a US financial technology company established in 2018. It develops and operates blockchain-based platforms used in lending, capital markets, and asset management. The company offers consumer and institutional lending products such as HELOCs, cash-out refinancing, DSCR loans, and crypto-backed loans.
The Data Breach Incident
On Friday, Figure spokesperson Alethea Jadick told TechCrunch that the security breach occurred after an employee was tricked in a social engineering attack, allowing hackers to steal "a limited number of files." The cybercrime group ShinyHunters claimed responsibility for the breach on its dark web site, saying Figure refused to pay a ransom and releasing about 2.5GB of stolen data.
Impact and Response
TechCrunch reviewed samples of the stolen data, which showed names, addresses, birth dates, and phone numbers, raising risks of identity fraud and phishing. Figure has started notifying affected individuals and is offering free credit monitoring "to all individuals who receive a notice." The company has not shared the number of impacted users or when the breach was discovered.
Alleged Involvement of Okta
According to TechCrunch, a member of ShinyHunters told the publication that Figure was among the victims of a hacking campaign that targeted customers who rely on the single sign-on provider Okta.
Sources
https://securityaffairs.com/187988/data-breach/fintech-firm-figure-disclosed-data-breach-after-employee-phishing-attack.html
https://www.bitget.com/news/detail/12560605199558

