Fintech Lender Figure Data Breach

The Figure Technology Solutions data breach, which exposed nearly 1 million user records, was executed through a social engineering attack, specifically a voice phishing (vishing) campaign. Attackers impersonated IT support to trick an employee into revealing credentials and multi-factor authentication codes. This gave them access to the employee's Single Sign-On (SSO) account. The exposed data includes names, dates of birth, email addresses, postal addresses, and phone numbers. Financial account information was not compromised. Figure is offering affected individuals complimentary credit monitoring services. The breach was claimed by the ShinyHunters hacking group, who leaked 2.5GB of data after an alleged extortion attempt failed. ShinyHunters has been linked to a broader campaign targeting financial technology firms through social engineering. Other victims of this campaign include Betterment, Crunchbase, and Panera Bread. Figure Technology Solutions, founded in 2018 by Mike Cagney and June Ou, is a fintech company specializing in blockchain-based home equity lending and mortgage services. The company went public in September 2025. Figure's technology is used by over 200 partners, including banks, credit unions, and mortgage brokers.