Figure Fintech Data Breach Affects Nearly 1 Million User Accounts

Post Views: 15

Figure Technology Solutions Suffers Data Breach

A recent data breach at Figure Technology Solutions, a financial technology company that leverages blockchain for lending and securities trading, has resulted in the theft of personal and contact information from nearly 1 million accounts.

Incident Details

The incident occurred in February 2026, when attackers employed social engineering tactics to gain unauthorized access to the company’s systems.

According to Figure, the breach was limited to a small number of files, but notification service Have I Been Pwned has reported that data from 967,200 accounts was compromised.

The exposed data includes names, phone numbers, physical addresses, and dates of birth, all of which date back to January 2026.

ShinyHunters Claims Responsibility

The ShinyHunters extortion group has claimed responsibility for the breach, adding Figure to its dark web leak site and releasing 2.5GB of allegedly stolen data from thousands of loan applicants.

This incident is part of a larger campaign by ShinyHunters, which has also targeted companies such as Canada Goose, Panera Bread, Betterment, SoundCloud, PornHub, and CrowdStrike in recent weeks.

Attackers’ Tactics

The attackers’ tactics involve voice phishing, or vishing, where they impersonate IT support personnel and trick employees into divulging credentials and multi-factor authentication codes on phishing sites that mimic company login portals.

Once inside, the attackers gain access to the victim’s single sign-on (SSO) account, which provides them with access to other connected enterprise applications and services, including Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Zendesk, Dropbox, Adobe, and Atlassian.

Figure’s Blockchain Technology

Figure uses the Provenance blockchain for its financial services, which include lending, borrowing, and securities trading.

The company has unlocked over $22 billion in home equity with over 250 partners, including banks, credit unions, fintechs, and home improvement companies.

Significance of the Breach

The breach at Figure is a significant incident, given the sensitive nature of the data compromised and the potential consequences for the affected individuals.

As the use of blockchain technology becomes more widespread in the financial sector, the importance of robust security measures to prevent such breaches cannot be overstated.

Related Development

In a related development, ShinyHunters also breached online dating giant Match Group, which owns popular dating services such as Tinder, Hinge, Meetic, Match.com, and OkCupid.

The group’s campaign has highlighted the vulnerabilities of SSO accounts and the need for organizations to implement effective security controls to prevent similar breaches.

Conclusion

The incident serves as a reminder of the importance of vigilance in the face of increasingly sophisticated cyber threats.

As the threat landscape continues to evolve, organizations must remain proactive in their approach to security, investing in robust measures to protect sensitive data and prevent breaches.