-
Figure confirms breach of customer data after employee-targeted attack.
-
ShinyHunters claims a 2.5GB leak as the lender offers credit monitoring for affected users.
-
Figure announces a breach as it plans a secondary stock offering and repurchase of $30M shares.
Figure Technology, a publicly-traded blockchain-based lender revealed that hackers gained access to customer information after a targeted employee was the victim of a social engineering scam. The company said that the incident allowed a limited number files containing personal information to be downloaded by an unauthorized actor.
In a press release, Figure stated that it had identified an employee who was socially engineered. This allowed an external actor access to files through the account of the employee. The company said it acted quickly to stop the activity and retained an independent forensic firm to identify which files were affected.
ShinyHunters, a hacking group, claimed responsibility for this breach. TechCrunch reviewed samples of exposed data and found that the exposed files contained customers’ full names as well as their home addresses, dates-of-birth, and phone numbers. ShinyHunters claimed that Figure refused to pay a extortion and that approximately 2,5 gigabytes were published.
Figure did not confirm how much data was involved, but said that it would notify the affected individuals and offer complimentary credit monitoring services.
Related: Former Indian employee of Coinbase arrested in major data breach case
Campaign Context and Industry Broader
TechCrunch reported that a member of ShinyHunters told them that the breach was part of a larger campaign targeting organizations who rely on Okta, a single sign-on provider. Harvard University and University of Pennsylvania were also cited as alleged victims in the report.
Social engineering attacks usually involve deceptive messages, emails, or phone calls designed to trick employees into sharing credentials or granting access to systems. A report released by Chainalysis in January found that over $17 billion worth of cryptocurrency was stolen through AI-powered impersonation schemes last year.
Data breaches are still widespread. A report published by the Privacy Rights Clearinghouse in December 2025 recorded more than 8,500 notification filings relating to over 4,400 separate incidents. This affected at least 374,000,000 people.
Background of the Company and Market Reaction
Figure, founded in 2018, operates its lending platform using the Provenance Blockchain and focuses on home-equity lines of credit. The New York-based firm went public under the ticker “FIGR” in September 2025, raising $787.5 in an initial public offer that valued it at around $5.3 billion.
The breach disclosure coincided Figure’s announcement that it would be launching a secondary public offering up to 4,230,000 Series A Blockchain Common Shares. The company plans to repurchase Class A shares worth up to $30 million from underwriters.
Related 16 Billion Passwords Leaked in Largest Breach ever–Apple Google and Facebook Users at Risk
This site is for entertainment only. Click here to read more
