Figure Technology confirmed that some customer files were stolen after an employee was deceived, according to reports. The company says the intrusion occurred when an internal account was used to download a limited batch of recordings. The breach did not come from a flaw in its blockchain system, but from human error.
Reports indicate that the stolen material was later posted online by a hacker collective who claimed responsibility. The group reportedly leaked around 2.5GB of data after claiming ransom negotiations had failed. This public dump has quickly gained attention in the crypto and fintech space.
Customer names, contact details among the items on display
Based on reports examining samples of leaked files, the exposed data includes full names, home addresses, dates of birth, and phone numbers. These are the kinds of details often used in identity fraud or targeted scams.
The exact number of affected customers has not been made public. This missing figure leaves some uncertainty as to the extent of the possible consequences.
Security researchers warn that even when bank accounts or crypto wallets are not affected, personal data alone can create serious risks. Phishing calls, fake loan offers and account takeover attempts often follow this type of leak.
Total crypto market cap at $2.34 trillion on the daily chart: TradingView
Character affected by a social engineering attack
According to media coverage of the incident, the attackers used a social engineering method to gain access to an employee’s credentials or active session. Instead of cracking the code, they resorted to deception. Once inside, the files were downloaded via that employee’s access rights.
The company said it detected suspicious activity and decided to block it. External forensic specialists were brought in to review the system logs and determine what they had accessed. A wider internal review is also underway.
Image: CybersecAsia
ShinyHunters claimed responsibility for the breach on its leak site. The group has been linked to previous data exposures involving technology and financial companies. In this case, the data was made public after the payment requests were allegedly rejected.
Figure said it would notify customers whose information was involved. Free credit monitoring services are available to those who receive a demand letter. Data subjects are advised to monitor unusual activity and unsolicited messages.
Secure Funds and Core Services
Reports indicate that lending operations and on-chain systems were not breached. The core financial infrastructure of the platform was not described as affected. Yet the disclosure of personal records carries its own weight.
Financial companies remain frequent targets because they hold detailed customer files. A single employee account, if used incorrectly, can open a bigger door than expected. This lesson has resurfaced here.
Regulators may request more details in the coming weeks. Customers will wait for clearer figures. The long-term cost, both financial and reputational, will depend on the extent of the data release and how quickly protective measures are taken.
Featured image from Yahoo Finance, chart from TradingView
Editorial process as Bitcoinist focuses on providing thoroughly researched, accurate and unbiased content. We follow strict sourcing standards and every page undergoes careful review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance and value of our content to our readers.
