Figure Technology Breach Exposes Nearly 1 Million Accounts in Social Engineering Attack

Security Reporter

Fintech lender Figure Technology Solutions suffered a data breach affecting nearly 1 million accounts after hackers tricked an employee into providing system access. The ShinyHunters group claimed responsibility, leaking 2.5GB of personal data including names, addresses, and contact information.

Hackers have stolen the personal and contact information of nearly 1 million accounts after breaching the systems of Figure Technology Solutions, a self-described blockchain-native financial technology company. The breach, which occurred in February 2026, exposed sensitive data including names, phone numbers, physical addresses, dates of birth, and over 900,000 unique email addresses.

Social Engineering Attack Targets Employee

Figure Technology Solutions confirmed the incident was the result of a social engineering attack in which an employee was tricked into providing access to the company's systems. While the company initially described the breach as involving "a limited number of files," notification service Have I Been Pwned later revealed the full scope, reporting that data from 967,200 accounts was stolen.

"In February 2026, data obtained from the fintech lending platform Figure was publicly posted online," Have I Been Pwned stated. "The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of birth."

ShinyHunters Group Claims Responsibility

The ShinyHunters extortion group claimed responsibility for the breach and added Figure Technology to its dark web leak site, leaking 2.5GB of data allegedly stolen from thousands of loan applicants. This attack follows a pattern of similar breaches targeting high-profile organizations.

Figure Technology on ShinyHunters leak site

Part of Larger Vishing Campaign

In recent weeks, ShinyHunters has claimed responsibility for breaches at multiple organizations including Canada Goose, Panera Bread, Betterment, SoundCloud, PornHub, and CrowdStrike. While not all incidents are part of the same campaign, some victims were breached in a voice phishing (vishing) campaign targeting single sign-on (SSO) accounts.

The attackers impersonate IT support personnel, calling employees and tricking them into entering credentials and multi-factor authentication (MFA) codes on phishing sites that impersonate their companies' login portals. Once inside, they gain access to the victim's SSO account, which provides access to other connected enterprise applications including Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Zendesk, Dropbox, Adobe, and Atlassian platforms.

Broader Impact and Industry Context

As part of this campaign, ShinyHunters also breached online dating giant Match Group, which owns multiple popular dating services including Tinder, Hinge, Meetic, Match.com, and OkCupid. The breach highlights the growing sophistication of social engineering attacks targeting financial technology companies that handle sensitive personal and financial data.

Figure Technology Solutions, founded in 2018, uses the Provenance blockchain for lending, borrowing, and securities trading. The company has unlocked over $22 billion in home equity with more than 250 partners, including banks, credit unions, fintechs, and home improvement companies.

Expert Recommendations

Cybersecurity experts emphasize the importance of employee training to recognize social engineering attempts, particularly vishing attacks. Organizations should implement strict verification procedures for IT support calls and consider additional authentication measures beyond traditional MFA. Regular security awareness training and simulated phishing exercises can help employees identify and report suspicious communications before they lead to breaches.

For affected individuals, experts recommend monitoring financial accounts for suspicious activity, enabling credit freezes if necessary, and being vigilant about potential phishing attempts using the stolen personal information. The combination of personal details obtained in this breach could be used for identity theft or targeted social engineering attacks against victims.
