Brief
- Figure has confirmed a data breach, claiming an employee was deceived in a social engineering attack.
- The stolen files are believed to include names, addresses, dates of birth and phone numbers, according to a report.
- The publicly traded lender says it offers free credit monitoring to those affected.
Figure Technology confirmed Friday that it suffered a customer data breach after an employee was targeted in a social engineering attack.
Hacker group ShinyHunters claimed responsibility, saying Figure refused to pay a ransom and released 2.5 gigabytes of stolen data. TechCrunchwhich first reported the breach, said it reviewed some files, which included customers’ full names, home addresses, dates of birth and phone numbers.
“We recently identified that an employee had been the victim of social engineering, allowing an actor to upload a limited number of files through their account,” Figure said in a statement shared with Decrypt. “We acted quickly to block the activity and retained a forensic firm to investigate the affected files.”
Social engineering refers to attackers manipulating employees through deceptive emails, calls, or messages to gain access to company systems, often by tricking them into sharing their credentials or approving unauthorized requests.
A January report from Chainalysis said more than $17 billion worth of cryptocurrencies were stolen last year through AI-powered impersonation scams.
Data breaches remained widespread in 2025, with regulators recording more than 8,000 notifications related to more than 4,000 separate incidents affecting at least 374 million people, according to a December 2025 report from the Privacy Rights Clearinghouse.
Founded in 2018, Figure is a New York-based lender that runs its lending platform on the Provenance blockchain, focusing on home equity lines of credit. Figure went public in September 2025 under the symbol FIGR, raising $787.5 million in an IPO that valued it at approximately $5.3 billion.
Although the spokesperson declined to go into detail, a ShinyHunters member was quoted as saying TechCrunch The breach was part of a broader campaign targeting companies that rely on single sign-on provider Okta. Other alleged victims included Harvard University and the University of Pennsylvania.
Figure said it is communicating with partners and relevant parties, and is also implementing additional safeguards.
“We offer free credit monitoring to everyone who receives a notice,” the company said. “We continuously monitor accounts and have robust safeguards in place to protect customer funds and accounts.”
News of the data breach comes as Figure announced Friday the launch of a proposed secondary public offering of up to 4,230,000 shares of its Blockchain Series A common stock, with plans to repurchase up to $30 million of Class A stock from underwriters.
Figure’s stock ended the day up 3.57% at a price of $35.29, although it has fallen 37% over the past month.
Daily debriefing Newsletter
Start each day with the biggest news stories of the day, plus original features, a podcast, videos and more.
