FINTECH firm Figure confirmed a data breach after hackers used social engineering to trick an employee, allowing access to a limited number of files. According to a company spokesperson, Figure began notifying affected individuals and is offering free credit monitoring to those who receive a breach notice, though the company has not shared how many users were impacted or when the breach was discovered.
The cybercrime group ShinyHunters claimed responsibility for the breach on its dark web site, saying Figure refused to pay a ransom and releasing about 2.5GB of stolen data. TechCrunch reviewed samples showing names, addresses, birth dates and phone numbers, raising risks of identity fraud and phishing. The incident followed inquiries from the media, and Figure stated it was communicating with partners and those impacted as part of its remediation. The report, dated 14 February 2026, notes Figure provides blockchain-based HELOCs and operates in lending and asset management.