Figure Technology Suffers Customer Data Breach

- The breach was claimed by the "ShinyHunters" hacker group, who leaked over 2.4GB of data after Figure reportedly did not meet ransom demands. This incident is part of a wider voice phishing campaign targeting employees at companies using Okta's single sign-on services. - Approximately 967,000 customer records were compromised, with exposed data including names, dates of birth, email and physical addresses, and phone numbers. Figure has stated that financial account details and Social Security numbers were not accessed. - The timing of the breach was particularly sensitive for Figure, as it coincided with the pricing and execution of a secondary stock offering. The company had gone public in September 2025. - Figure is a significant player in the real-world asset (RWA) tokenization space, utilizing its proprietary Provenance Blockchain for loan origination, securitization, and trading. In 2025, the Provenance Blockchain was reported to hold the largest volume of real-world financial assets among public blockchains. - The company recently launched an On-Chain Public Equity Network (OPEN) to allow for the direct issuance, trading, and settlement of tokenized equities on the Provenance blockchain, bypassing traditional intermediaries. - In August 2025, Figure merged with its former subsidiary, Figure Markets, to unify its lending, trading, and yield-generation functions on the Provenance Blockchain. It also received SEC approval for a public, yield-bearing stablecoin, $YLDS. - The social engineering attack tricked an employee into providing access, allowing the hackers to log in with legitimate credentials and download files, rather than exploiting a technical software vulnerability. - In response to the breach, Figure has engaged a third-party forensic firm, is notifying affected individuals, and is offering complimentary credit monitoring services.