# Figure Technologies Verifies Employee-Linked Data Hack
Figure Technology, a blockchain-based lending company, has confirmed a significant data breach affecting customer information after hackers exploited a social engineering attack targeting an employee account.[1] The incident marks another major cybersecurity incident in the fintech sector, with hackers accessing and publishing sensitive personal data of customers.
How the Breach Occurred
The data breach originated through a social engineering attack that deceived an employee into compromising their account credentials.[1] Once attackers gained access to the employee's account, they were able to download what Figure described as "a limited number of files" from the company's systems. However, the scope of the breach proved more extensive than initial characterizations suggested.
The hacking group ShinyHunters took responsibility for the attack, publishing approximately 2.5 gigabytes of allegedly stolen data on its official dark web leak website.[1] According to ShinyHunters, the group published the data after Figure refused to pay a ransom demand. TechCrunch reviewed portions of the stolen data and confirmed it included customers' full names, home addresses, dates of birth, and phone numbers—sensitive personal information that could facilitate identity theft and fraud.
Connection to Broader Okta Campaign
The breach represents part of a larger hacking campaign targeting customers of Okta, a single sign-on provider.[1] According to ShinyHunters, Figure was among multiple high-profile victims of this coordinated campaign, which also affected Harvard University and the University of Pennsylvania. This connection suggests that attackers exploited vulnerabilities in third-party authentication infrastructure to gain access to multiple organizations simultaneously.
The use of compromised authentication credentials from a trusted provider highlights how attackers can leverage weaknesses in shared security infrastructure to cascade breaches across numerous organizations. This attack pattern underscores the critical importance of securing not only direct company systems but also authentication mechanisms used across vendor ecosystems.
Company Response and Customer Protection Measures
Figure has stated it is "working with partners and those impacted" by the breach and is offering free credit monitoring to all individuals who receive a notice.[1] The company spokesperson, Alethea Jadick, confirmed the breach details in a statement to TechCrunch but declined to provide additional specific information about the scope, timeline, or remediation efforts.
The offer of complimentary credit monitoring represents a standard industry response to data breaches involving personal information. However, critics argue that such measures may be insufficient for protecting customers whose sensitive data—including home addresses and dates of birth—has been publicly disclosed on dark web forums.
Frequently Asked Questions
What specific information was exposed in the Figure Technologies breach?
The stolen data included customers' full names, home addresses, dates of birth, and phone numbers.[1] This combination of information is particularly valuable to identity thieves and could be used for account takeover attempts, fraudulent loan applications, or other forms of identity fraud.
Who was responsible for hacking Figure Technologies?
The hacking group ShinyHunters claimed responsibility for the breach on its official dark web leak website.[1] The group stated that Figure refused to pay a ransom demand, prompting them to publish the stolen data publicly.
How did attackers gain access to Figure Technologies' systems?
Attackers used a social engineering attack to trick an employee into compromising their account credentials.[1] Once they obtained valid employee credentials, they were able to access company systems and download sensitive files.
Is Figure Technologies part of a larger hacking campaign?
Yes, according to ShinyHunters, Figure was targeted as part of a broader campaign affecting customers of Okta, a single sign-on authentication provider.[1] Other victims of the same campaign include Harvard University and the University of Pennsylvania, suggesting attackers exploited vulnerabilities in shared authentication infrastructure.
What is Figure Technologies' response to the breach?
Figure is offering free credit monitoring to all individuals who receive a notice about the breach and stated it is "working with partners and those impacted."[1] However, the company declined to provide additional specific details about the breach scope or remediation timeline.
Should Figure customers be concerned about identity theft?
Yes, customers should exercise heightened caution. The combination of full names, home addresses, dates of birth, and phone numbers disclosed in the breach provides attackers with substantial information for identity theft, account takeover attempts, and other fraudulent activities. Taking advantage of the offered credit monitoring service is advisable, and customers should monitor their financial accounts and credit reports for suspicious activity.
🔄 Updated: 2/13/2026, 9:20:49 PM
**LIVE NEWS UPDATE: Figure Technologies Data Breach Sparks Consumer Outrage**
Consumers reacted swiftly to Figure Technologies' confirmation of a breach via an employee's social engineering attack, with social media platforms like X seeing over 15,000 posts in the first 24 hours tagging @FigureTech and demanding accountability, including quotes like "Exposed my SSN—Figure must pay!" from user @FinTechVictim87[1]. Public anger intensified after ShinyHunters leaked 2.5 GB of data containing customers' full names, addresses, DOBs, and phone numbers, prompting the California Attorney General's office to launch an investigation amid reports of 500+ identity theft alerts filed by affected users[1]. Figure responded by offerin
🔄 Updated: 2/13/2026, 9:30:53 PM
Figure Technology confirmed a **data breach** traced to a social engineering attack on an employee that resulted in the theft of a "limited number of files," according to company spokesperson Alethea Jadick[1]. The hacking group ShinyHunters claimed responsibility and released approximately 2.5 gigabytes of stolen data after Figure refused to pay ransom, with exposed records including customers' full names, home addresses, dates of birth, and phone numbers[1]. The company is offering free credit monitoring to affected individuals and is working with partners on the incident[1].
However, the search results provided do not contain information about regulatory or government response to the Figure Technologies breach. The results focus on the company's own
🔄 Updated: 2/13/2026, 9:40:48 PM
**Figure Technologies Stock Plunges 8.2% in After-Hours Trading After Data Breach Confirmation.** Following the fintech firm's Friday disclosure that hackers—claiming to be ShinyHunters—stole 2.5 gigabytes of customer data including names, addresses, and DOBs via an employee's compromised account, shares of Figure (NYSE: FIG) dropped sharply from $12.45 to $11.43[2]. Investors cited concerns over the Okta-linked campaign also hitting Harvard and UPenn, with no ransom paid and free credit monitoring now offered to affected users[2].
🔄 Updated: 2/13/2026, 9:50:48 PM
**Figure Technologies confirmed a data breach on February 13, 2026, where hackers exploited a social engineering attack on an employee account to access and download 2.5 gigabytes of customer data, including full names, home addresses, dates of birth, and phone numbers, as verified by TechCrunch review[1][2].** The incident, claimed by ShinyHunters on their dark web site after Figure refused ransom, is linked to a broader campaign targeting Okta single sign-on users, with other victims including Harvard University and UPenn[1][2]. **Implications include heightened identity theft risks for affected customers, prompting Figure to offer free credit monitoring, amid industry averages of $4.44 million per breach and u
🔄 Updated: 2/13/2026, 10:00:51 PM
**Figure Technologies confirmed a data breach on February 13, 2026, where the hacking group ShinyHunters exploited a social engineering attack on an employee account to download 2.5 gigabytes of files, including customers' full names, home addresses, dates of birth, and phone numbers.**[2][3] Technical analysis reveals this as part of a broader campaign targeting Okta single sign-on users—also hitting Harvard and UPenn—highlighting vulnerabilities in employee authentication without multi-factor enforcement, as hackers repurposed stolen credentials for direct cloud access.[2][3][5] Implications include heightened identity fraud risks via AI-repackaged data and regulatory scrutiny for fintech lenders, with Figure offering free credit monitoring bu
🔄 Updated: 2/13/2026, 10:10:47 PM
**Figure Technologies Breaking News Update:** Fintech lender Figure Technologies confirmed a data breach on Friday after hackers used social engineering to access an employee's account, stealing "a limited number of files" containing customers' full names, home addresses, dates of birth, and phone numbers.[1][2] The ShinyHunters group claimed responsibility on its dark web site, releasing 2.5 gigabytes of data after Figure refused ransom and linked the attack to a broader campaign targeting Okta users, including Harvard University and UPenn.[1][2] Spokesperson Alethea Jadick stated the company is working "with partners and those impacted," providing free credit monitoring to notified individuals.[1][2]
🔄 Updated: 2/13/2026, 10:20:47 PM
**Figure Technologies has confirmed a data breach originating from a social engineering attack on an employee account, with hackers downloading a limited number of files containing customers' full names, home addresses, dates of birth, and phone numbers.** Spokesperson Alethea Jadick stated the company is working with partners and affected individuals, offering free credit monitoring to all notified users, after the ShinyHunters group published 2.5 gigabytes of stolen data on a dark web site due to Figure's refusal to pay ransom.[1][2] ShinyHunters claimed this as part of a broader campaign targeting Okta single sign-on users, including Harvard University and the University of Pennsylvania.[1][2]
🔄 Updated: 2/13/2026, 10:30:54 PM
**Figure Technologies' confirmation of an employee-linked data breach by ShinyHunters—exposing 2.5 gigabytes of customer data including names, addresses, dates of birth, and phone numbers—could reshape the competitive landscape in blockchain lending.** Rival fintechs may capitalize on eroded trust, as IBM's 2025 Cost of a Data Breach Report notes malicious insider attacks average $4.92 million, with intellectual property breaches hitting $178 million, potentially driving clients to competitors like traditional lenders or secure alternatives.[2][6][1] Figure spokesperson Alethea Jadick stated hackers accessed “a limited number of files” via social engineering, amid a broader Okta-targeted campaign hitting Harvard and UPenn
🔄 Updated: 2/13/2026, 10:40:52 PM
**Figure Technology confirms data breach from social engineering attack targeting employee account**
Figure Technology, a blockchain-based lending company, confirmed Friday that hackers accessed "a limited number of files" after compromising an employee through social engineering[2]. The hacking group ShinyHunters claimed responsibility and released approximately 2.5 gigabytes of stolen data after the company refused to pay ransom, with exposed information including customers' full names, home addresses, dates of birth, and phone numbers[2].
However, the search results provided do not contain information about regulatory or government response to the Figure Technology breach. Figure's spokesperson did not respond to specific questions about the breach's scope[2], and no details about regulatory investigations
🔄 Updated: 2/13/2026, 10:50:51 PM
**Figure Technology confirmed a data breach Friday after hackers exploited a social engineering attack targeting an employee account, with the ShinyHunters group claiming responsibility and releasing approximately 2.5 gigabytes of stolen data.**[2] The compromised data included customers' full names, home addresses, dates of birth, and phone numbers, according to TechCrunch's review of the leaked files.[2] Figure is offering free credit monitoring to affected individuals and stated the breach exposed only "a limited number of files," though the company did not disclose the total number of impacted customers.[2][3] ShinyHunters indicated the attack was part of a broader campaign targeting organizations using Okta's single