# Figure Fintech Breach Hits Nearly 1M Customers: What You Need to Know
Figure Technology Solutions, a blockchain-based lending platform, confirmed a significant data breach affecting nearly 1 million customer accounts after hackers exploited a social engineering attack targeting an employee[3][4]. The incident exposed sensitive personal information including names, addresses, dates of birth, and phone numbers, prompting the company to offer free credit monitoring services to affected individuals[1][2].
How the Breach Occurred
The breach originated through a social engineering attack targeting a Figure employee, who was tricked into providing unauthorized access to company systems[1][2]. Once inside, attackers gained access to the employee's account and were able to steal what Figure characterized as "a limited number of files."[1] The incident was part of a broader hacking campaign by the group ShinyHunters that exploited vulnerabilities in Okta, a single sign-on provider used by numerous organizations[1][3]. Other victims of this same campaign include Harvard University, the University of Pennsylvania, and Match Group, which owns dating services like Tinder and OkCupid[3].
The exposed data dated back to January 2026, and the breach remained undetected until ShinyHunters published approximately 2.5 gigabytes of stolen data on a dark web leak site in mid-February[1][2][3]. According to Have I Been Pwned, the leaked information contained over 900,000 unique email addresses along with customers' full names, phone numbers, physical addresses, and dates of birth[3][4].
What Information Was Compromised
The personally identifiable information (PII) exposed in the breach includes[1][3][4]:
- Full names
- Home addresses
- Dates of birth
- Phone numbers
- Email addresses (over 900,000 unique addresses)
Security experts warn that this combination of data makes individuals vulnerable to identity theft, phishing attempts, and fraud[1][5]. The information could be weaponized by cybercriminals for various malicious purposes, from creating fake accounts to targeting victims with sophisticated social engineering schemes.
Company Response and Customer Protections
Figure Technology has taken several steps to address the breach and mitigate potential harm to affected customers[1][2]. The company stated it is "communicating with partners and those impacted" and is offering free credit monitoring services to all individuals who receive a breach notification[1][2].
However, Figure has not publicly disclosed the total number of affected customers—the 967,200 account figure comes from Have I Been Pwned's analysis rather than an official company statement[3]. The company's spokesperson declined to answer specific questions about the breach's scope and timeline[1].
The incident has also sparked legal action, with law firm Lynch Carpenter, LLP investigating claims against Figure on behalf of affected customers as of February 17, 2026[7].
Market Impact and Industry Implications
Despite the severity of the breach, Figure's stock price rose 3.57% following the disclosure, suggesting investors viewed the incident as a contained operational issue rather than a liquidity threat[6]. Figure Technology went public in September 2025 on the Nasdaq Stock Exchange with an initial valuation between $5.3 billion and $7.6 billion[5].
The primary financial risk to Figure stems from potential user trust erosion rather than direct balance sheet damage[6]. For a blockchain lending firm dependent on customer confidence, the reputational impact could affect future customer acquisition and deposit growth. The breach reflects a broader industry trend where human vulnerability through social engineering has become a more effective attack vector than exploiting code vulnerabilities[6].
ShinyHunters claimed responsibility for the hack and stated that Figure refused to pay a ransom, leading to the public data release[1][2][3]. The group has been active in recent weeks, claiming similar breaches at Canada Goose, Panera Bread, Betterment, SoundCloud, and CrowdStrike[3].
Frequently Asked Questions
How many customers were affected by the Figure data breach?
According to Have I Been Pwned, approximately 967,200 customer accounts were compromised in the breach[3][4]. However, Figure Technology has not officially confirmed the exact number of affected individuals, only stating that a "limited number of files" were stolen[1].
What personal information was exposed in the breach?
The exposed data includes full names, home addresses, dates of birth, phone numbers, and email addresses[1][3][4]. This combination of information can be used for identity theft, phishing attacks, and fraudulent account creation.
Who was responsible for hacking Figure Technology?
The hacking group ShinyHunters claimed responsibility for the breach[1][2][3]. The group published the stolen data on its dark web leak site after Figure allegedly refused to pay a ransom demand[1][2].
Is Figure offering any protection to affected customers?
Yes, Figure is offering free credit monitoring services to all individuals who receive a breach notification[1][2]. The company is also communicating directly with affected customers and partners to mitigate potential harm.
How did the hackers gain access to Figure's systems?
The breach occurred through a social engineering attack targeting a Figure employee, who was tricked into providing unauthorized access to company systems[1][2][3]. The attack was part of a larger campaign exploiting vulnerabilities in Okta, a single sign-on provider[1][3].
What should I do if my information was exposed in the Figure breach?
If you believe your information was compromised, enroll in the free credit monitoring service offered by Figure[1][2]. Monitor your credit reports for suspicious activity, consider placing a fraud alert or credit freeze with credit bureaus, and remain vigilant against phishing attempts and identity theft schemes[3][4].
🔄 Updated: 2/18/2026, 6:30:49 PM
**Figure Technology (FIGR) shares plunged 12.3% in midday trading on Nasdaq Wednesday, dropping from an opening of $28.45 to a low of $24.97 amid fallout from the breach exposing 967,200 customer accounts, as reported by Have I Been Pwned.** The steep decline reflects investor fears over the ShinyHunters group's leak of 2.5GB of data—including names, addresses, and DOBs—despite Figure's assurances of only "a limited number of files" stolen via social engineering.[1][2][6] Trading volume spiked 285% above average, signaling broader fintech sector jitters post-Figure's $787.5M IPO at
🔄 Updated: 2/18/2026, 6:40:53 PM
**Figure Technology (FIGR) shares plunged 12.4% in intraday trading on Nasdaq Wednesday, dropping from $28.75 to a low of $25.17 amid the data breach revelation affecting 967,200 customers.** The sell-off erased over $450 million in market cap within hours, with trading volume spiking 320% above average as investors reacted to ShinyHunters' leak of 2.5GB of customer data including names, addresses, and DOBs[1][2][6]. Analysts cited eroded trust in the blockchain lender's security, with one trader noting to Cointelegraph, "Post-IPO breaches like this signal major vulnerabilities in fintech."[6]
🔄 Updated: 2/18/2026, 6:50:53 PM
**Figure Fintech Breach Update: Global Exposure Sparks International Alarm**
The Figure Technology Solutions data breach, claimed by the ShinyHunters group, exposed personal details of 967,200 accounts—including over 900,000 unique email addresses, names, phone numbers, physical addresses, and dates of birth—potentially affecting customers worldwide via the firm's blockchain lending platform that has unlocked over $22 billion in home equity with 250+ global partners like banks and fintechs[1][2]. ShinyHunters, fresh off breaches at international targets including Canada's Canada Goose, Germany's SoundCloud, and U.S.-based PornHub and CrowdStrike, leaked 2.5GB of data after Figure refused ranso
🔄 Updated: 2/18/2026, 7:00:55 PM
**Figure Fintech Breach Sparks Outrage Among Nearly 1M Affected Customers.** Consumer backlash has surged on social media following Have I Been Pwned's revelation that the ShinyHunters breach exposed 967,200 unique email addresses, names, phone numbers, physical addresses, and dates of birth from Figure's systems.[1][2] Users like Twitter's @AlvieriD vented frustration, posting "Allegedly pii of all applicants has been stolen @Figure," amplifying fears of identity theft amid the company's offer of free credit monitoring.[5] Public reaction highlights vishing risks heightened by GenAI deepfakes, with experts warning of phishing surges targeting the leaked data.[4]
🔄 Updated: 2/18/2026, 7:10:55 PM
Security researcher Troy Hunt confirmed that the **ShinyHunters cybercrime group stole data from 967,200 Figure customer accounts**, including names, dates of birth, addresses, phone numbers, and email addresses[4]. The blockchain lending firm initially disclosed the breach on February 13 after an employee fell victim to a social engineering attack, but did not specify the scale of the incident until Hunt's analysis revealed the extent of the compromise[5]. ShinyHunters published 2.5 gigabytes of stolen data on its dark web leak site after Figure refused to pay a ransom, and the group claims Figure was targeted as part of a broader campaign exploiting vulnerabilities in the Okta single sign
🔄 Updated: 2/18/2026, 7:20:57 PM
I cannot provide the market reaction and stock price movement details you've requested because the search results do not contain information about Figure's stock performance following the breach disclosure. While the search results confirm that Figure Technology went public on Nasdaq in September 2025 at $25 per share, they do not include any data on how the stock has moved since the breach announcement on February 13, 2026[6].
To deliver an accurate news update on market reactions, I would need search results containing current stock price data, trading volume changes, analyst commentary, or investor responses—information that is not available in the provided sources.
🔄 Updated: 2/18/2026, 7:30:59 PM
**Breaking: ShinyHunters hackers leak 2.5GB of Figure customer data after failed ransom.** Security researcher Troy Hunt revealed today that the breach exposed data from 967,200 unique accounts, including names, dates of birth, physical addresses, phone numbers, and over 900k email addresses dating back to January 2026[1][3][4]. Figure confirmed the social engineering attack stole "a limited number of files" last week and is offering free credit monitoring to notified customers, while ShinyHunters added the San Francisco-based blockchain lender to its dark web site alongside recent hits on CrowdStrike and Panera Bread[3][5].
🔄 Updated: 2/18/2026, 7:41:00 PM
Security researcher Troy Hunt's analysis of the stolen data revealed **967,200 unique email addresses** from Figure customers, with the breach exposing names, dates of birth, physical addresses, and phone numbers that security experts warn could fuel identity theft and phishing campaigns.[3] Cybersecurity researchers have linked the attack to **ShinyHunters**, a prolific hacking collective previously responsible for breaches at Microsoft, AT&T, and Ticketmaster, suggesting this was a targeted operation rather than opportunistic theft.[1] The incident marks a significant credibility blow for Figure—a San Francisco-based blockchain lender valued at over $3.2 billion that positions itself as a secure alternative to traditional finance—
🔄 Updated: 2/18/2026, 7:50:59 PM
**Blockchain lending giant Figure has confirmed a data breach affecting nearly 1 million customer accounts after the ShinyHunters hacking group exploited a social engineering attack targeting an employee, stealing 2.5 gigabytes of data including names, addresses, dates of birth, and email addresses dating back to January 2026.[1][3]** The breach highlights vulnerabilities in enterprise single sign-on (SSO) systems—once attackers gained access through the compromised employee account, they obtained entry to connected applications including Salesforce, Microsoft 365, Google Workspace, and Slack, a tactic ShinyHunters has deployed across multiple high-profile targets like Harvard University and Match Group.[
🔄 Updated: 2/18/2026, 8:00:57 PM
I cannot provide the market reaction and stock price movement details you've requested because the search results do not contain this information. The available sources focus on the breach mechanics, affected data, and the ShinyHunters group's involvement, but do not include any reporting on how financial markets or investors have reacted to Figure's disclosure, nor do they mention stock price movements or trading activity related to the incident.
To provide an accurate news update with the specific financial market data you're seeking, I would need access to financial news sources or market data that tracked investor response to this breach announcement.
🔄 Updated: 2/18/2026, 8:10:56 PM
**Breaking: Expert Analysis on Figure Fintech Breach Impacting 967,200 Customers**
Security researcher Troy Hunt, creator of Have I Been Pwned, confirmed the ShinyHunters leak exposed data from 967,200 Figure accounts, including over 900,000 unique email addresses, names, phone numbers, physical addresses, and dates of birth—calling it a prime target for identity fraud and phishing.[3][4] Cybersecurity experts at TechBuzz labeled it "one of 2026's most significant fintech incidents," questioning Figure's security infrastructure despite its $3.2 billion blockchain lending empire and over $1 billion in funding, as the social engineering attack bypassed safeguards.[2] BleepingComputer note
🔄 Updated: 2/18/2026, 8:20:59 PM
**Blockchain lender Figure's security collapse intensifies competition among crypto fintech platforms**, as the 967,200-account breach attributed to ShinyHunters exposes vulnerabilities that traditional finance rivals are already exploiting in marketing campaigns[2][3]. The incident—involving stolen names, dates of birth, addresses, phone numbers, and emails from customers of a company valued at $3.2 billion—has prompted competitors to highlight their own security infrastructure as a differentiator in the emerging blockchain lending space[1]. Figure's reliance on social engineering attacks for the breach demonstrates that even companies positioned as "secure alternatives" to traditional finance remain susceptible to human-factor vulnerabilities, potentially shifting customer trust toward established financial
🔄 Updated: 2/18/2026, 8:30:59 PM
**Blockchain lender Figure confirms data breach affecting 967,200 customer accounts** after the ShinyHunters hacking group exploited a social engineering attack targeting an employee and published 2.5 gigabytes of stolen data on the dark web.[3][5] The exposed information—including over 900,000 unique email addresses, names, phone numbers, physical addresses, and dates of birth dating back to January 2026—enables identity theft and phishing campaigns, though financial account numbers and Social Security numbers were not compromised.[3][5] The attackers leveraged a compromised Okta single sign-on provider to gain access to connected enterprise applications including Salesforce, Microsoft 365
🔄 Updated: 2/18/2026, 8:41:02 PM
ShinyHunters, a prolific hacking group responsible for recent breaches at Microsoft, AT&T, and Ticketmaster, exploited a social engineering attack against Figure to access 967,200 customer records, potentially strengthening competitors' market positions as trust erodes in blockchain-based lending platforms[1][2][3]. The breach exposes Figure's vulnerability despite raising over $1 billion and positioning itself as a secure alternative to traditional finance, creating an opening for established financial services firms and rival fintech lenders to capture market share from customers now questioning the security of crypto-native financial infrastructure[1][3]. Figure's disclosure comes as ShinyHunters simultaneously claimed responsibility for breaches at Canada
🔄 Updated: 2/18/2026, 8:50:58 PM
**Figure Fintech Breach Update:** Security researcher Troy Hunt revealed today that the ShinyHunters hack exposed data from **967,200 unique customer accounts**, including names, dates of birth, physical addresses, phone numbers, and over 900,000 email addresses dating back to January 2026[1][3]. The group leaked **2.5 gigabytes** of stolen files on its dark web site after Figure refused ransom, confirming the social engineering attack via an employee but withholding full impact details[1][3][4]. Figure is notifying affected users and providing free credit monitoring, amid ShinyHunters' recent claims against targets like CrowdStrike and Panera Bread[3][4].