Massive Data Breach Hits Figure Technology Solutions
Figure Technology Solutions, a blockchain-based lender, has fallen prey to a significant data breach incident. Almost 1 million customer accounts have been compromised by a data breach extortion group. The attacker, known as ShinyHunters, has leaked personal information such as names, physical addresses, phone numbers, dates of birth, and approximately 967,000 unique email addresses. The data breach notification service, Have I Been Pwned, added this incident to its database on Wednesday.
How ShinyHunters Bypassed Security Measures
The modus operandi of ShinyHunters has not been exploiting technical vulnerabilities but rather manipulating employees using social engineering tactics. Instead of directly hacking into computer systems, they impersonate IT staff to trick employees into handing over credentials. In this particular incident, the breach occurred when an employee was socially engineered, thereby enabling the threat actor to download a limited number of files through the employee’s account.
Company’s Response to the Data Breach
A spokesperson for Figure stated that the company reacted swiftly to block the activity and hired a forensic firm to investigate the affected files. They emphasized the importance of these matters and assured that they are communicating with partners and those impacted as necessary. In light of the incident, the company is implementing additional safeguards and training to further strengthen its defenses.
ShinyHunters’ Claims and Mockery
ShinyHunters claimed that it stole over 1 million records with personally identifiable information. The group also published screenshots of internal Slack conversations between Figure employees discussing the threat actor’s tactics. The group mocked Figure’s management by stating that the company “decided to waste time and hide instead because their leadership is a mess.”
Previous Incidents Involving ShinyHunters
This incident follows a similar data breach at robo-advisor Betterment, for which ShinyHunters also claimed responsibility. According to a report from Google Threat Intelligence, these breaches are part of a broader campaign of social engineering. The report noted that threat actors associated with ShinyHunters have escalated operations using sophisticated voice phishing, or “vishing.”
Impact on Figure’s Financial Operations
The data breach couldn’t have come at a worse time for Figure Technology Solutions. The company recently completed its initial public offering (IPO) and is currently in the middle of a secondary stock offering. Despite the data breach incident, Figure reported strong financial results for its first quarter as a publicly-traded company. The net income more than tripled year over year to $90 million for the third quarter of 2025, according to a November earnings release. On Feb. 13, the same day the data breach occurred, Figure announced the launch of a secondary public offering of over 4 million shares of its stock.
Figure’s Measures to Protect Customers
In the face of the breach, Figure is offering complimentary credit monitoring to all individuals who received a notice. The company reassured its customers, stating, “We continuously monitor accounts and have strong safeguards in place to protect customers’ funds and accounts.” Figure claims to be the largest nonbank home equity line of credit lender in the U.S. and is committed to maintaining and improving its security measures to prevent any future breaches.
For more information, check the source Here.
