Figure Data Breach Linked to Employee Social Engineering and ShinyHunters Leak
Figure Technology Solutions, a blockchain-based lending/fintech firm, confirmed a data breach after an employee was socially engineered, enabling attackers to access and exfiltrate a limited number of files. The company said it is communicating with partners and impacted individuals, has begun sending notifications, and is offering free credit monitoring to recipients of breach notices; it has not publicly disclosed the total number of affected individuals or when the incident was detected.
The cybercrime group ShinyHunters claimed responsibility and alleged Figure refused to pay a ransom, publishing about 2.5GB of purportedly stolen data on its leak site. Journalists who reviewed samples reported the exposed data included names, home addresses, dates of birth, and phone numbers, increasing risk of identity fraud and follow-on phishing. ShinyHunters also told reporters the intrusion was part of a broader campaign affecting organizations including Harvard University and UPenn, and referenced victims that rely on Okta for single sign-on.
Related Entities
Threat Actors
Sources
Related Stories
Figure Technology Solutions Data Breach via Social Engineering
**Figure Technology Solutions** suffered a data breach in which attackers obtained and later publicly posted customer data. Reporting indicates the exposed dataset (dating back to **January 2026**) included roughly **967,200 accounts** / **900k+ unique email addresses**, along with **names, phone numbers, physical addresses, and dates of birth**. Figure confirmed the incident and attributed initial access to **social engineering**, stating an employee was tricked into providing access and that attackers stole a “limited number of files.” The **ShinyHunters** extortion group claimed responsibility and listed Figure on its leak site, alleging the leak included about **2.5GB** of data tied to loan applicants. The breach’s scale was corroborated by *Have I Been Pwned*’s publication of the incident details, while broader coverage noted Figure had not proactively disclosed the incident publicly at the time of reporting and that additional details (e.g., full scope and notification posture) were still emerging.
3 weeks ago
ShinyHunters Leaks Donor and Alumni Data Stolen from Harvard and UPenn
**ShinyHunters** published datasets it claims were stolen during prior breaches at **Harvard University** and the **University of Pennsylvania (UPenn)**, posting what it says are **over one million records from each university** to its leak site used for extortion. Reporting indicates the exposed information relates to the schools’ development/alumni functions; TechCrunch said it verified portions of the data by corroborating details with alumni and public records (including matching against student ID numbers). Both universities attributed the intrusions to **social engineering** targeting staff supporting alumni and fundraising operations. UPenn previously confirmed unauthorized access to “a select group” of systems tied to development and alumni activities and said attackers also used official university email addresses to message alumni about the incident. Harvard reported its Alumni Affairs and Development environment was accessed following a **phone/voice-phishing** attack, and its incident FAQ described impacted data as including contact details (email, phone, home/business addresses), event attendance, donation details, and other biographical and fundraising-related information; public reporting noted uncertainty about whether affected individuals would receive individual notifications under applicable state requirements.
1 months ago
ShinyHunters Claims Okta Vishing Campaign and Leaks Data from Crunchbase, Betterment, and SoundCloud
The **ShinyHunters** extortion group claimed responsibility for a recent **Okta SSO voice-phishing (vishing)** campaign used to steal authentication codes and access victim environments. The group told reporters and researchers it used vishing to obtain Okta single-sign-on codes to compromise **Crunchbase** and **Betterment**, and then published alleged stolen data after the organizations reportedly rejected extortion demands; ShinyHunters also said additional victims exist and that more disclosures are forthcoming. ShinyHunters published alleged datasets for **Crunchbase, Betterment, and SoundCloud** on a newly launched leak site, asserting the dumps contain **PII** and large record counts (reported as **>20 million** for Betterment, **~2 million** for Crunchbase, and **~30+ million** for SoundCloud). **SoundCloud** stated it is aware of data published online allegedly taken from its organization and said its security team, supported by third-party experts, is reviewing the claim and the posted data; ShinyHunters asserted SoundCloud access was *not* obtained via SoundCloud’s Okta credentials. SoundCloud had previously confirmed a breach affecting roughly **20% of users** (about **28 million** based on public user counts), while Crunchbase and Betterment had not publicly responded at the time of reporting.
1 months ago