Figure Technology Solutions Data Breach via Social Engineering
Figure Technology Solutions suffered a data breach in which attackers obtained and later publicly posted customer data. Reporting indicates the exposed dataset (dating back to January 2026) included roughly 967,200 accounts / 900k+ unique email addresses, along with names, phone numbers, physical addresses, and dates of birth. Figure confirmed the incident and attributed initial access to social engineering, stating an employee was tricked into providing access and that attackers stole a “limited number of files.”
The ShinyHunters extortion group claimed responsibility and listed Figure on its leak site, alleging the leak included about 2.5GB of data tied to loan applicants. The breach’s scale was corroborated by Have I Been Pwned’s publication of the incident details, while broader coverage noted Figure had not proactively disclosed the incident publicly at the time of reporting and that additional details (e.g., full scope and notification posture) were still emerging.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Have I Been Pwned adds the Figure breach
On February 26, 2026, Have I Been Pwned published the Figure breach, stating that data from more than 900,000 unique email addresses had been publicly posted online in February 2026. The breach entry said Figure confirmed the incident resulted from an employee-targeted social engineering attack.
Researchers determine breach exposed 967,200 Figure accounts
On February 18, 2026, reporting citing analysis by security researcher Troy Hunt said the exposed dataset contained data from 967,200 accounts, including more than 900,000 unique email addresses as well as names, phone numbers, physical addresses, and dates of birth. This provided a fuller picture of the breach's scale than Figure's initial description.
Figure confirms breach and begins notifying affected parties
By February 18, 2026, Figure confirmed the breach, said only a limited number of files were taken, attributed the incident to social engineering, and stated it was notifying affected individuals and partners. The company also offered free credit monitoring while its investigation continued.
ShinyHunters claims Figure breach and leaks 2.5 GB of data
In February 2026, the ShinyHunters extortion group claimed responsibility for the Figure incident, listed the company on its leak site, and published about 2.5 GB of allegedly stolen data after an apparent extortion attempt. Reports said the leaked material included customer personal and contact information.
Employee social engineering attack compromises Figure systems
In January 2026, Figure said an employee was deceived in a social engineering attack that granted attackers unauthorized access to company systems. The intrusion led to theft of customer-related files and data dating back to that month.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
Almost 1M accounts affected by Figure breach | SC Media
scworld.com
Open sourceFigure Data Breach Exposes Nearly 1 Million Customers Online
techrepublic.com
Open sourceteiss - News - Nearly 1 million accounts exposed in Figure Technology data breach claimed by ShinyHunters
teiss.co.uk
Open sourceData breach at fintech firm Figure affects nearly 1 million accounts
bleepingcomputer.com
Open sourceData breach at fintech giant Figure affects close to a million customers | TechCrunch
techcrunch.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Figure Data Breach Linked to Employee Social Engineering and ShinyHunters Leak
**Figure Technology Solutions**, a blockchain-based lending/fintech firm, confirmed a **data breach** after an employee was **socially engineered**, enabling attackers to access and exfiltrate a **limited number of files**. The company said it is communicating with partners and impacted individuals, has begun sending notifications, and is offering **free credit monitoring** to recipients of breach notices; it has not publicly disclosed the total number of affected individuals or when the incident was detected. The cybercrime group **ShinyHunters** claimed responsibility and alleged Figure refused to pay a ransom, publishing about **2.5GB** of purportedly stolen data on its leak site. Journalists who reviewed samples reported the exposed data included **names, home addresses, dates of birth, and phone numbers**, increasing risk of identity fraud and follow-on phishing. ShinyHunters also told reporters the intrusion was part of a broader campaign affecting organizations including **Harvard University** and **UPenn**, and referenced victims that rely on **Okta** for single sign-on.
Mar 21, 2026
Social Engineering Breaches Exposed Customer Data at Figure and Allianz Life
Figure and Allianz Life disclosed separate breaches in which attackers used **social engineering** to gain access to systems holding large volumes of customer data. Figure said an employee was deceived into granting access, leading to the public posting of a dataset from January 2026 that contained more than **900,000 unique email addresses** as well as names, phone numbers, physical addresses, and dates of birth. Allianz Life reported that a cyberattack in July 2025 targeted data stored on **Salesforce** and was later followed by the online leak of **1.1 million unique email addresses**. The exposed Allianz Life records also included names, genders, dates of birth, phone numbers, and physical addresses, underscoring how social engineering attacks continue to drive large-scale exposure of sensitive personal information across financial services firms.
Mar 27, 2026
Betterment and CarGurus Data Breach Claims Involving Stolen Customer and Corporate Records
Fintech platform **Betterment** reported a January 2026 social-engineering incident in which an employee was tricked into providing credentials that enabled unauthorized access to internal messaging systems via third-party tools. Betterment said it detected and contained the access the same day, launched an external forensic investigation, and later indicated the incident affected roughly **1.4 million customers**; exposed data included names, email addresses, and location data broadly, with a smaller subset including phone numbers, physical addresses, dates of birth, job titles, and device details. Betterment stated that **no financial accounts, logins, or passwords** were accessed, but warned that the stolen PII was used to send **crypto-scam messages** impersonating Betterment to pressure users into transferring funds. Separately, the extortion group **ShinyHunters** claimed it stole **1.7 million CarGurus corporate records** and threatened to leak the data if the company did not engage by a stated deadline; the criminals alleged the haul included PII and internal corporate data, and CarGurus had not publicly confirmed the claim at the time of reporting. The same reporting tied the CarGurus claim to a broader run of ShinyHunters-related leak-site postings and extortion threats against other organizations, with at least one victim (Canada Goose) indicating that data recently published online may have been **historical** rather than from a new intrusion.
Mar 21, 2026