Fintech firm Figure disclosed data breach after employee phishing attack
Fintech firm Figure disclosed data breach after employee phishing attack
Publish Date: 2026-02-14 12:10:33
Source Domain: securityaffairs.com
Summary:
Fintech firm Figure experienced a data breach after hackers employed social engineering tactics to trick an employee, which resulted in hackers gaining access to a limited number of files. Initially, the cybersecurity breach came to light through a statement from Figure, which confirmed the incident but did not disclose the extent of the data compromised. Following inquiries from TechCrunch, Figure identified the cybersecurity group ShinyHunters as the perpetrators, who allegedly stole personally identifiable information (PII). Figure spokesperson Alethea Jadick reported that the hackers released about 2.5GB of data, including names, addresses, birth dates, and phone numbers, raising concerns about identity fraud and phishing. The firm has launched its efforts to contact those affected, offering free credit monitoring for those notified of the breach. While the total number of individuals impacted remains undisclosed, the firm is working with both its partners and impacted customers to manage the fallout from this security breach.
Key Points:
- A social engineering attack on an employee led to a data breach affecting Figure, a US-based fintech firm.
- Hackers, identified as the group ShinyHunters, stole and released a limited amount of data including names, addresses, birth dates, and phone numbers.
- Figure has initiated communication with affected individuals and is providing free credit monitoring.
- The breach appears to be related to a broader hacking campaign targeting customers who use the single sign-on Okta provider.
- While Figure has not revealed the exact number of users affected, efforts to manage and mitigate the breach’s impact are underway.
