Fintech lending giant Figure confirms data breach

Figure Technology Solutions Inc. signage during the company's initial public offering at the Nasdaq MarketSite in New York, US, on Thursday, Sept. 11, 2025. (Image: Michael Nagle / Bloomberg / Getty Images) | Image Credits:Michael Nagle/Bloomberg / Getty Images

Figure Technology, a blockchain-based lending company, confirmed it experienced a data breach.

On Friday, Figure spokesperson Alethea Jadick told TechCrunch in a statement that the breach originated when an employee was tricked with a social engineering attack that allowed the hackers to steal “a limited number of files.”

The statement said the company is “with partners and those impacted,” and offering free credit monitoring “to all individuals who receive a notice.”

Figure’s spokesperson did not respond to a series of specific questions about the breach.

The hacking group ShinyHunters took responsibility for the hack on its official dark web leak website, saying the company refused to pay a ransom, and published 2.5 gigabytes of allegedly stolen data.

TechCrunch saw a portion of the data, which included customers’ full names, home addresses, dates of birth, and phone numbers.

A member of ShinyHunters told TechCrunch that Figure was among the victims of a hacking campaign that targeted customers who rely on the single sign-on provider Okta. Other victims of the campaign include Harvard University and the University of Pennsylvania (UPenn).