Figure Technology Solutions, a blockchain-based lending platform, has suffered a data breach after attackers linked to the ShinyHunters group published stolen customer data online.
The incident, which exposed nearly one million records, has been attributed to a social engineering attack targeting a company employee.
The breach came to light after the hacking group ShinyHunters listed Figure on its dark web leak site, claiming responsibility for the intrusion and alleging that the company refused to pay a ransom demand. According to the group, approximately 2.5 gigabytes of data were exfiltrated and subsequently published.
TechCrunch first reported on the incident on February 13, 2026, after receiving confirmation from Figure’s spokesperson, Alethea Jadick. In a statement provided to the outlet, Jadick said the breach originated when an employee was deceived in a social engineering attack that enabled unauthorized access to “a limited number of files.” The company said it is communicating with partners and affected individuals and is offering free credit monitoring services to those who receive a notification. However, Figure did not respond to detailed questions about the scope of the breach, and as of today, the company has not published a dedicated breach notice on its website.
Figure Technology Solutions Inc., founded in 2018 and headquartered in San Francisco, is a major fintech lender that leverages blockchain technology to streamline home equity lines of credit, mortgage refinancing, and personal loans. The company went public in September 2025 and has positioned itself as a technology-driven alternative to traditional financial institutions, serving hundreds of thousands of customers across the United States.
Independent confirmation of the breach surfaced on February 18, 2026, when the incident was added to the data breach notification service Have I Been Pwned (HIBP). According to HIBP, the exposed dataset contains 967,200 unique email addresses and dates back to January 2026, when the breach occurred. The compromised information includes:
- Full names
- Email addresses
- Phone numbers
- Physical addresses
- Dates of birth
It is important to note that the inclusion of the dataset into HIBP is based on verification processes designed to assess data authenticity, though such inclusion does not constitute official confirmation by the affected company. The service has begun notifying impacted email addresses through its standard alerting system.
ShinyHunters has claimed that Figure was targeted as part of a broader campaign aimed at organizations using the single sign-on provider Okta. Other alleged victims of the same campaign include Harvard University and the University of Pennsylvania.
The exposure of personal data significantly increases the risk of identity theft, phishing, and social engineering attacks against affected individuals. Even in the absence of financial account numbers or passwords, this type of data can be weaponized in targeted fraud schemes or used to bypass identity verification checks.
Customers who believe they may be affected should maintain high alertness for phishing emails or phone scams impersonating Figure representatives.
Leave a Reply