Figure Technology confirmed Friday that it suffered a customer data breach after an employee was targeted in a social engineering attack.

The hacking group ShinyHunters claimed responsibility, saying Figure refused to pay a ransom and that it published 2.5 gigabytes of stolen data. TechCrunch, which first reported on the breach, said that it reviewed some of the files, which included customers’ full names, home addresses, dates of birth, and phone numbers.

“We recently identified that an employee was socially engineered, and that allowed an actor to download a limited number of files through their account,” Figure said in a statement shared with Decrypt. “We acted quickly to block the activity and retained a forensic firm to investigate what files were affected.”



Social engineering refers to when attackers manipulate employees through deceptive emails, calls, or messages to gain access to corporate systems, often by tricking them into sharing credentials or approving unauthorized requests.

A January report by Chainalysis said that over $17 billion in crypto was stolen last year through AI-powered impersonation scams.

Data breaches remained widespread in 2025, with regulators logging more than 8,000 notification filings tied to over 4,000 separate incidents affecting at least 374 million people, according to a December 2025 report by the Privacy Rights Clearinghouse.

Founded in 2018, Figure is a New York–based lender that runs its loan platform on the Provenance blockchain, focusing on home equity lines of credit. Figure went public in September 2025 under the ticker FIGR, raising $787.5 million in an IPO that valued it at about $5.3 billion.

While the spokesperson declined to go into further detail, a member of ShinyHunters reportedly told TechCrunch the breach was part of a broader campaign targeting companies that rely on single sign-on provider Okta. Other alleged victims included Harvard University and the University of Pennsylvania.

Figure said it is communicating with partners and impacted parties, as well as implementing additional safeguards.

“We are offering complimentary credit monitoring to all individuals who receive a notice,” the company said. “We continuously monitor accounts and have strong safeguards in place to protect customers’ funds and accounts.”

The news of the data breach comes as Figure announced Friday the launch of a proposed secondary public offering of up to 4,230,000 shares of its Series A Blockchain Common Stock, with plans to repurchase up to $30 million of Class A shares from underwriters.

Figure's stock finished the day up 3.57% at a price of $35.29, though it has fallen 37% over the last month.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。