Massive Data Breach at Figure Exposes Nearly One Million Customers
In a significant cybersecurity incident, blockchain-based lending giant Figure has suffered a data breach affecting approximately 967,200 customers. The breach, attributed to the cybercrime group ShinyHunters, has raised serious concerns about data security within the fintech industry.
Details of the Breach
Figure, known for its innovative use of blockchain technology in lending services, confirmed last week that unauthorized access led to the theft of a limited number of files from its systems. However, the company did not disclose specific details regarding the nature of the data compromised or the exact number of customers affected.
Security researcher Troy Hunt, creator of the data breach notification site Have I Been Pwned, analyzed the data allegedly stolen from Figure. His findings revealed that the breach exposed 967,200 unique email addresses associated with Figure customers. Additionally, the compromised data included sensitive personal information such as names, dates of birth, physical addresses, and phone numbers.
Perpetrators and Their Methods
The cybercrime group ShinyHunters has claimed responsibility for the attack on Figure. This group is notorious for infiltrating corporate databases and exfiltrating sensitive information. In this instance, ShinyHunters published 2.5 gigabytes of data allegedly stolen from Figure on their leak website. Such platforms are commonly used by cybercriminals to shame victims and release stolen data when extortion attempts fail.
Implications for Customers
The exposure of personal information places affected customers at an increased risk of identity theft, phishing attacks, and other forms of cyber fraud. Personal data, when in the hands of malicious actors, can be exploited to gain unauthorized access to financial accounts, commit fraud, or even sell the information on dark web marketplaces.
Figure’s Response
As of now, Figure has not responded to requests for comments regarding the breach and has not confirmed or disputed the findings presented by Hunt. The company’s silence has left customers seeking clarity and assurance about the security of their personal information.
Industry Context
This incident is part of a troubling trend of data breaches targeting financial institutions and fintech companies. For instance, in August 2025, Allianz Life disclosed a data breach affecting 1.1 million customers, where hackers accessed personal information stored on a cloud-based customer relationship database. Similarly, in May 2025, Coinbase reported a data breach impacting at least 69,000 customers, with hackers obtaining personal and financial information over several months.
Preventive Measures and Recommendations
In light of this breach, it is imperative for customers to take proactive steps to protect their personal information:
– Monitor Financial Accounts: Regularly review bank statements and credit reports for any unauthorized activities.
– Change Passwords: Update passwords for online accounts, especially if the same credentials are used across multiple platforms.
– Enable Two-Factor Authentication (2FA): Add an extra layer of security to accounts by enabling 2FA where available.
– Be Vigilant Against Phishing Attempts: Exercise caution with unsolicited communications requesting personal information or containing suspicious links.
Conclusion
The data breach at Figure underscores the critical importance of robust cybersecurity measures within the fintech sector. As financial institutions increasingly rely on digital platforms, ensuring the security of customer data must be a top priority. Customers are advised to remain vigilant and take necessary precautions to safeguard their personal information in the wake of such incidents.
