Simply put
- Figure confirmed that it experienced a data breach due to a social engineering attack that targeted its employees.
- The files that were stolen included personal information such as names, addresses, dates of birth, and phone numbers.
- The publicly traded financial company is offering free credit monitoring to those affected by the breach.
Figure Technology admitted on Friday that its employees fell victim to a social engineering attack which led to the exposure of customer data.
The hacker collective Shiny Hunters took responsibility, alleging that Figure did not meet their ransom demands and instead released 2.5 gigabytes of compromised data. The company, which initially revealed the breach, reviewed the stolen files, finding customer names, addresses, birth dates, and phone numbers.
In a statement, Figure explained, “We recently discovered that an employee had been socially engineered, allowing an attacker to download a limited number of files through that account.” They acted promptly, hiring a forensic firm to examine which files had been impacted.
Social engineering refers to tactics used by attackers to infiltrate a company’s systems, often through deceptive emails, phone calls, or messages that mislead employees into revealing sensitive information or authorizing fraudulent actions.
A January report from Chainalysis indicated that over $17 billion in cryptocurrencies were stolen due to identity fraud powered by AI last year.
Data breaches continue to be a significant issue in 2025, with regulators recording over 8,000 notifications linked to more than 4,000 separate incidents, affecting at least 374 million individuals, according to a report from December 2025.
Figure, founded in 2018 and based in New York, operates a loan platform that focuses on blockchain technology for home equity lines of credit. They went public in September 2025, raising $787.5 million in their IPO, which valued the company at about $5.3 billion.
A spokesperson declined to provide additional information, but a member of Shiny Hunters claimed that this breach was part of a larger campaign aimed at companies using the single sign-on provider Okta, with other targets reportedly including Harvard University and the University of Pennsylvania.
Figure stated they are in communication with relevant partners and affected individuals, implementing further safety measures.
The company announced it is “offering free credit monitoring to all individuals who receive a notification.” They added that they are monitoring accounts closely and have strong protections in place for customer funds and accounts.
The data breach was revealed alongside news of Figure announcing a proposed secondary public offering of up to 4.23 million shares of Series A blockchain common stock and plans to buy back up to $30 million in Class A shares from the underwriters.
Figure’s stock increased by 3.57% to close at $35.29, although it has dropped 37% over the past month.
