Publicly Traded Blockchain Lender Figure Confirms Customer Data Breach
Figure Technology confirmed a data breach after an employee fell victim to a social engineering attack. The hacking group ShinyHunters claimed responsibility, publishing 2.5 GB of stolen data including customers’ names, addresses, birth dates, and phone numbers, after Figure refused to pay a ransom. Figure acted to block the attack, brought in a forensic firm, and is notifying affected parties while offering free credit monitoring. The breach reportedly exploited vulnerabilities linked to single sign-on provider Okta and is part of a wider campaign affecting other organizations. Figure, a New York–based blockchain lender focused on home equity lines of credit, recently went public and announced a secondary offering alongside the breach disclosure. The company is enhancing security measures to better protect customer accounts.
