Blockchain-based lending firm Figure Technology confirmed on Friday, February 13, 2026, that it experienced a customer data breach following a social engineering attack targeting one of its employees.
The hacking group ShinyHunters claimed responsibility, alleging it released approximately 2.5 gigabytes of stolen data after the company declined to pay a ransom.
The incident adds to a broader wave of credential-based intrusions affecting organizations using third-party authentication systems.
How the Breach Occurred
According to company statements, the breach began when an employee was manipulated into granting unauthorized access. The attacker was able to download a “limited number of files” through the compromised account.
Figure spokesperson Alethea Jadick said the suspicious activity was detected and blocked shortly after it began. The company engaged a forensic investigation firm to assess the scope of the exposure and identify precisely which files were accessed.
The leaked materials reviewed by investigators and media outlets reportedly include sensitive personal data such as:
- Full names
- Home addresses
- Dates of birth
- Phone numbers
The extent of financial data exposure has not been publicly detailed.
Broader Campaign Linked to Okta Users
A member of ShinyHunters claimed the incident is part of a larger campaign targeting organizations that use Okta single sign-on services.
Other institutions reportedly affected in the same campaign include Harvard University and University of Pennsylvania. While the specific technical vectors may vary by organization, the pattern suggests attackers are exploiting credential access workflows rather than breaching core infrastructure directly.
Company Response and Mitigation
Figure stated that it has initiated direct outreach to partners and individuals potentially impacted by the breach. The company is offering free credit monitoring services to anyone who receives a formal notification.
Additionally, the firm has engaged cybersecurity specialists to strengthen internal safeguards and evaluate system vulnerabilities exposed during the incident.
Structural Implications
The attack underscores the persistent risk posed by social engineering, particularly in organizations handling sensitive financial data. Even when core systems remain uncompromised, employee-level credential access can create meaningful exposure.
As investigations continue, the primary focus will remain on containment, customer notification, and reinforcing authentication protocols to prevent similar incidents in the future.
