Figure Technology Solutions Data Breach via Social Engineering
Figure Technology Solutions suffered a data breach in which attackers obtained and later publicly posted customer data. Reporting indicates the exposed dataset (dating back to January 2026) included roughly 967,200 accounts / 900k+ unique email addresses, along with names, phone numbers, physical addresses, and dates of birth. Figure confirmed the incident and attributed initial access to social engineering, stating an employee was tricked into providing access and that attackers stole a “limited number of files.”
The ShinyHunters extortion group claimed responsibility and listed Figure on its leak site, alleging the leak included about 2.5GB of data tied to loan applicants. The breach’s scale was corroborated by Have I Been Pwned’s publication of the incident details, while broader coverage noted Figure had not proactively disclosed the incident publicly at the time of reporting and that additional details (e.g., full scope and notification posture) were still emerging.
Related Entities
Threat Actors
Sources
1 more from sources like techcrunch com security
Related Stories
Figure Data Breach Linked to Employee Social Engineering and ShinyHunters Leak
**Figure Technology Solutions**, a blockchain-based lending/fintech firm, confirmed a **data breach** after an employee was **socially engineered**, enabling attackers to access and exfiltrate a **limited number of files**. The company said it is communicating with partners and impacted individuals, has begun sending notifications, and is offering **free credit monitoring** to recipients of breach notices; it has not publicly disclosed the total number of affected individuals or when the incident was detected. The cybercrime group **ShinyHunters** claimed responsibility and alleged Figure refused to pay a ransom, publishing about **2.5GB** of purportedly stolen data on its leak site. Journalists who reviewed samples reported the exposed data included **names, home addresses, dates of birth, and phone numbers**, increasing risk of identity fraud and follow-on phishing. ShinyHunters also told reporters the intrusion was part of a broader campaign affecting organizations including **Harvard University** and **UPenn**, and referenced victims that rely on **Okta** for single sign-on.
1 months ago
Betterment and CarGurus Data Breach Claims Involving Stolen Customer and Corporate Records
Fintech platform **Betterment** reported a January 2026 social-engineering incident in which an employee was tricked into providing credentials that enabled unauthorized access to internal messaging systems via third-party tools. Betterment said it detected and contained the access the same day, launched an external forensic investigation, and later indicated the incident affected roughly **1.4 million customers**; exposed data included names, email addresses, and location data broadly, with a smaller subset including phone numbers, physical addresses, dates of birth, job titles, and device details. Betterment stated that **no financial accounts, logins, or passwords** were accessed, but warned that the stolen PII was used to send **crypto-scam messages** impersonating Betterment to pressure users into transferring funds. Separately, the extortion group **ShinyHunters** claimed it stole **1.7 million CarGurus corporate records** and threatened to leak the data if the company did not engage by a stated deadline; the criminals alleged the haul included PII and internal corporate data, and CarGurus had not publicly confirmed the claim at the time of reporting. The same reporting tied the CarGurus claim to a broader run of ShinyHunters-related leak-site postings and extortion threats against other organizations, with at least one victim (Canada Goose) indicating that data recently published online may have been **historical** rather than from a new intrusion.
3 weeks ago
CarGurus Customer Data Leak Attributed to ShinyHunters
**CarGurus** customer data was published online in a leak attributed to the **ShinyHunters** extortion group, exposing roughly **12.4–12.5 million** accounts. A **6.1GB** archive was posted and subsequently ingested by *Have I Been Pwned* (HIBP) after validation checks; HIBP reported the dataset includes **email addresses, IP addresses, full names, phone numbers, physical addresses, user account IDs**, and additional sensitive business/transactional fields such as **finance pre-qualification application data, finance application outcomes, dealer account details, subscription information**, and account ID mappings. HIBP indicated about **70%** of the data had appeared in prior breaches already tracked by the service, implying roughly **3.7 million** records may be newly exposed; the public availability of the dataset increases risk of **targeted phishing and fraud** using the enriched identity and financing-related attributes. CarGurus had not publicly confirmed the incident at the time of reporting and did not respond to media requests, while HIBP and reporting attributed the breach to ShinyHunters, a group known for **social engineering/vishing-style** intrusions and subsequent extortion/leak tactics. Separate ShinyHunters-linked incidents reported in the same period included **Wynn Resorts** confirming theft of employee data following an extortion threat, and **Optimizely** disclosing a breach tied to a **voice-phishing** attack that exposed limited business contact information; these are distinct events and do not change the core CarGurus exposure but reinforce the group’s ongoing operational tempo and reliance on social engineering to obtain access and data for leverage.
2 weeks ago