Figure data breach exposes nearly 1M accounts

If you person applied for a indebtedness online, you astir apt shared much than you realized. Your name. Your email. Your day of birth. Maybe adjacent your location code and telephone number. Now ideate each of that sitting connected a acheronian web forum.

That is the world for astir 1 cardinal radical aft hackers breached Figure Technology Solutions, a blockchain-focused fintech lender.

Sign up for my FREE CyberGuy Report
Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide – escaped erstwhile you articulation my CYBERGUY.COM newsletter.

What happened successful the Figure information breach

Figure Technology Solutions, founded successful 2018, uses the Provenance blockchain for lending, borrowing and securities trading. The institution says it has unlocked much than $22 cardinal successful location equity done partnerships with banks, recognition unions, fintechs and location betterment companies. However, down the scenes, attackers were moving connected a precise antithetic angle.

GOOGLE DROPPED DARK WEB MONITORING: SHOULD YOU CARE?
 

Nearly 1 cardinal accounts were exposed aft hackers breached fintech lender Figure Technology Solutions successful a societal engineering attack. (Felix Zahn/Photothek via Getty Images)

According to breach notification information shared by Have I Been Pwned, accusation from 967,200 accounts was exposed. The leaked information included much than 900,000 unsocial email addresses on with names, telephone numbers, carnal addresses and dates of birth. That is simply a golden excavation for individuality thieves. Figure says the incidental stemmed from a societal engineering attack. What that means successful elemental presumption is that idiosyncratic wrong the institution was tricked into handing implicit access.

"We precocious identified that an worker was socially engineered, and that allowed an histrion to download a constricted fig of files done their account," a Figure Technology Solutions spokesperson told CyberGuy successful a statement. "We acted rapidly to artifact the enactment and retained a forensic steadfast to analyse what files were affected. We recognize the value of these matters and are communicating with partners and those impacted arsenic appropriate. We are besides implementing further safeguards and grooming to further fortify our defenses. We are offering complimentary recognition monitoring to each individuals who person a notice. We continuously show accounts and person beardown safeguards successful spot to support customers' funds and accounts."

Social engineering is the existent weapon

When radical perceive the connection blockchain, they deliberation unafraid and untouchable. But attackers did not interruption cryptography. They targeted a quality being. Groups similar ShinyHunters specialize successful this playbook. They reportedly claimed work for the breach and, according to BleepingComputer, posted 2.5GB of information allegedly tied to thousands of indebtedness applicants.

In caller weeks, the aforesaid radical has claimed breaches involving companies similar Canada Goose, Panera Bread and SoundCloud. Not each lawsuit is connected. Still, information researchers person observed a troubling pattern. Attackers impersonate IT support. They telephone employees. They make urgency. Then they nonstop victims to fake login portals that look astir identical to existent ones.

Once employees participate credentials and adjacent multi-factor authentication codes, attackers summation entree to azygous sign-on systems tied to large platforms similar Microsoft and Google. From there, 1 compromised relationship tin unlock a web of connected tools and interior systems.

PANERA BREAD DATA BREACH EXPOSES 5.1M CUSTOMERS
 

Security researchers accidental the Figure information leak underscores however societal engineering bypasses adjacent blockchain-based platforms. (Maxim Konankov/NurPhoto via Getty Images)

Why this matters to you

If your accusation was portion of the Figure information breach, criminals present person capable item to trade convincing phishing emails oregon telephone scams. They tin notation your existent name. They tin mention your address. They tin unreal to beryllium a lender oregon slope calling astir your application.

Even if you ne'er applied for a indebtedness with Figure, this incidental highlights thing bigger. No level is immune to quality error. And societal engineering works due to the fact that it targets trust, not technology.

The bigger acquisition astir blockchain and trust

Figure markets itself arsenic blockchain native. Blockchain tin supply transparency and beardown cryptographic security. However, nary of that protects against a well-crafted telephone call.

You cannot power however companies unafraid their systems. You tin power however you respond. Start by checking whether your email code appears successful the exposed dataset, past instrumentality the steps beneath to fastener down your accounts.

SUBSTACK DATA BREACH EXPOSES EMAILS AND PHONE NUMBERS
 

Figure says an worker was tricked into granting access, allowing attackers to download delicate lawsuit data. (Luke MacGregor/Bloomberg via Getty Images)

Check if your email was exposed

To spot if your email code was affected, visit https://haveibeenpwned.com/. Enter your email code to find retired whether your accusation appears successful the leak. When finished, instrumentality present and statesman Step 1 below.

Take these steps immediately

1. Change immoderate exposed passwords close away. Do not permission a known leaked password successful place. Update it everyplace you utilized it. Use a password manager to make strong, unsocial passwords for each account. Check retired the champion expert-reviewed password managers of 2026 at Cyberguy.com
2. Turn on multi-factor authentication wherever possible.
3. Never stock login codes with anyone, adjacent if they assertion to beryllium IT support.
4. Install beardown antivirus software to assistance artifact phishing links, malicious downloads and ransomware that often travel large breaches. Get my picks for the champion 2026 antivirus extortion winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
5. Consider a information removal service to trim your idiosyncratic accusation connected information broker sites, which scammers often harvester with breached data. Check retired my apical picks for information removal services and get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web by visiting Cyberguy.com.
6. Place a escaped fraud alert oregon recognition freeze with the large recognition bureaus.
7. Monitor your slope and recognition paper statements weekly for suspicious activity.

Also, beryllium cautious of unexpected calls astir your accounts. If idiosyncratic pressures you to enactment immediately, bent up and telephone the institution straight utilizing a fig from its authoritative website.

Kurt's cardinal takeaways

The Figure information breach is simply a reminder that exertion unsocial cannot support delicate information. A azygous worker tricked into revealing credentials tin exposure hundreds of thousands of people. That is not a blockchain failure. It is simply a spot failure. If your information was involved, instrumentality enactment now. Even if it was not, dainty this arsenic a wake-up call. Your idiosyncratic accusation has value. Criminals cognize it. Companies should cognize it too.

If 1 telephone telephone tin unlock astir a cardinal records, are companies investing capable successful grooming people, oregon are they inactive betting everything connected exertion alone? Let america cognize by penning to america at Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report
Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide – escaped erstwhile you articulation my CYBERGUY.COM newsletter.

Copyright 2026 CyberGuy.com. All rights reserved.

Related Article