Figure recently disclosed a security breach resulting from a social engineering attack that targeted one of its employees. The company is currently investigating the incident and has begun notifying affected individuals while providing credit monitoring services.
Figure Technology Solutions is a financial technology firm founded in 2018 that utilizes blockchain technology to manage lending and asset management services. Based in the United States, the company operates platforms designed for both individual consumers and institutional clients. Its primary offerings include home equity lines of credit, debt refinancing, and a specialized credit marketplace known as Figure Connect.
The breach was confirmed following reports that an unauthorized party gained access to the company's internal systems by deceiving a staff member. According to official statements, the hackers were able to exfiltrate a limited number of files during the intrusion. While the company has not specified the exact date the breach was discovered or the total number of people affected, it has maintained that it is working closely with partners to address the situation.
In response to the incident, the firm has initiated a formal notification process for those whose data may have been compromised. Impacted individuals are being offered complimentary credit monitoring services as a precautionary measure. A company spokesperson emphasized that they are communicating directly with those involved and are assessing the full scope of the data loss to ensure future security protocols are strengthened.
The cybercriminal entity known as ShinyHunters has claimed responsibility for the attack on its dark web platform. The group alleged that Figure declined to pay a ransom demand, leading the hackers to leak approximately 2.5 gigabytes of stolen data. Despite these claims, the company continues to focus on its internal recovery efforts and the protection of its user base through ongoing monitoring and support.
Source: Fintech Firm Figure Discloses Data Breach After Employee Phishing Attack