What Happened
In February 2026, blockchain-based lending company Figure Technology (figure.com) suffered a data breach when hackers from the ShinyHunters group used a social engineering attack to compromise an employee’s account, allowing them to steal a limited number of files totaling about 2.5 GB of customer data, which was later leaked on a dark web site after Figure refused to pay a ransom. The exposed data included customers’ full names, home addresses, dates of birth, and phone numbers, posing risks of identity fraud and phishing, though the exact number of affected records was not disclosed by the company. Figure confirmed the incident on February 13, notified impacted partners and individuals, and offered free credit monitoring to those receiving breach notices, while the attack was linked to a broader campaign targeting Okta single sign-on users, including Harvard University and the University of Pennsylvania.
