Figure Technology Confirms Data Breach After Social Engineering Attack
Figure Technology, a blockchain-based lending firm, has acknowledged a data breach following a social engineering attack that tricked an employee into granting hackers access. The company stated that a "limited number of files" were stolen, though it has not specified which types of sensitive data such as names, addresses, Social Security numbers, or financial details may have been exposed. Affected individuals and partners are being notified, with free credit monitoring offered to those impacted.
The cybercrime group ShinyHunters claimed responsibility for the attack, releasing approximately 2.5GB of stolen data on the dark web after Figure refused to pay a ransom. A review of the leak by TechCrunch confirmed the exposure of customer names, home addresses, dates of birth, and phone numbers. ShinyHunters reportedly targeted companies using Okta, an identity management service, with other victims including Harvard University and the University of Pennsylvania.
The group employs a "double extortion" tactic, stealing data before demanding payment and threatening public release if demands are not met. Security researchers note that such attacks often exploit weak passwords, third-party vulnerabilities, or unsecured storage systems.
The breach adds to growing concerns over crypto fraud and identity theft, as financial institutions remain prime targets due to the sensitive data they hold. A Chainalysis report revealed that criminals stole over $17 billion in crypto last year, with scammers increasingly using AI to craft convincing impersonation schemes. Meanwhile, Privacy Rights Clearinghouse reported over 8,000 breach notifications in 2025, linked to more than 4,000 hacking incidents and exposing the personal information of at least 374 million people.
Despite the breach, Figure’s stock rose 3.57% on Friday, closing at $35.29, though shares remain down 37% over the past month. The company recently announced plans to sell up to 4.23 million additional shares and may repurchase up to $30 million of another stock class.
Source: https://www.livebitcoinnews.com/blockchain-lender-figure-confirms-customer-data-breach/
Figure Technology TPRM report: https://www.rankiteo.com/company/figuretechnologies
Okta TPRM report: https://www.rankiteo.com/company/Okta
"id": "figOkt1771086860",
"linkid": "figuretechnologies, Okta",
"type": "Breach",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Affected individuals and '
'partners (number unspecified)',
'industry': 'Blockchain-based lending, Financial '
'Services',
'name': 'Figure Technology',
'type': 'Company'}],
'attack_vector': 'Social Engineering',
'customer_advisories': 'Affected individuals and partners notified, free '
'credit monitoring offered',
'data_breach': {'data_exfiltration': 'Yes (2.5GB of data released on the dark '
'web)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (Personally Identifiable '
'Information - PII)',
'type_of_data_compromised': ['Customer names',
'Home addresses',
'Dates of birth',
'Phone numbers',
'Potentially Social Security '
'numbers',
'Potentially financial details']},
'description': 'Figure Technology, a blockchain-based lending firm, confirmed '
'a data breach following a social engineering attack that '
'tricked an employee into granting hackers access. A limited '
'number of files were stolen, and affected individuals and '
'partners are being notified with free credit monitoring '
'offered. The cybercrime group ShinyHunters claimed '
'responsibility and released approximately 2.5GB of stolen '
'data on the dark web after Figure refused to pay a ransom.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to data '
'exposure and ransomware tactics',
'data_compromised': 'Customer names, home addresses, dates of '
'birth, phone numbers, and potentially other '
'sensitive data (e.g., Social Security '
'numbers, financial details)',
'identity_theft_risk': 'High (exposure of PII)',
'payment_information_risk': 'Potential (unspecified financial '
'details)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (2.5GB of data '
'released)',
'entry_point': 'Social engineering attack on '
'employee, potential exploitation of '
'Okta identity management service'},
'motivation': 'Financial gain (ransom), data extortion',
'post_incident_analysis': {'root_causes': 'Social engineering, potential weak '
'passwords or third-party '
'vulnerabilities (Okta)'},
'ransomware': {'data_exfiltration': 'Yes',
'ransom_demanded': 'Yes (amount unspecified)',
'ransom_paid': 'No'},
'references': [{'source': 'TechCrunch'},
{'source': 'Chainalysis report'},
{'source': 'Privacy Rights Clearinghouse'}],
'response': {'communication_strategy': 'Notifying affected individuals and '
'partners, offering free credit '
'monitoring'},
'threat_actor': 'ShinyHunters',
'title': 'Figure Technology Data Breach After Social Engineering Attack',
'type': 'Data Breach',
'vulnerability_exploited': 'Employee deception, potential weak passwords or '
'third-party vulnerabilities (Okta identity '
'management service)'}