Nearly 1 Million User Records Compromised in Figure Data Breach

• Nearly 1 million user records have been compromised in a data breach at blockchain-powered lender Figure Technology Solutions.The companyconfirmedto TechCrunch that it suffered a data breach after an employee fell victim to a social engineering attack, saying the attackers obtained a limited number of files.The ShinyHunters hacker group took credit for the attack on Figure. • On its Tor-based leak website the cybercrime group made available more than 2.4GB of archive files allegedly containing data stolen from the company.The data breach notification service Have I Been Pwned hasanalyzedthe leaked data and identified roughly 967,000 Figure user records.The exposed information includes names, dates of birth, email addresses, postal addresses, and phone numbers.Figure Technology Solutions is a Nasdaq-listed fintech firm specializing in blockchain-based home equity lending and mortgage services.ShinyHunters told TechCrunch that Figure is one of the many victims of the recentOkta campaign, which involved voice phishing to target single sign-on (SSO) accounts that the hackers could leverage to access sensitive data.Advertisement. • Scroll to continue reading.The list of victims also includesBetterment,Crunchbase, andPanera Bread.Related:ShinyHunters-Branded Extortion Activity Expands, EscalatesRelated:Hackers Offer to Sell Millions of Eurail User RecordsRelated:Dior, Louis Vuitton, Tiffany Fined $25 Million in South Korea After Data BreachesRelated:Dutch Carrier Odido Discloses Data Breach Impacting 6 Million The companyconfirmedto TechCrunch that it suffered a data breach after an employee fell victim to a social engineering attack, saying the attackers obtained a limited number of files.The ShinyHunters hacker group took credit for the attack on Figure. • On its Tor-based leak website the cybercrime group made available more than 2.4GB of archive files allegedly containing data stolen from the company.The data breach notification service Have I Been Pwned hasanalyzedthe leak

Article Summaries:

• A data breach at blockchain‑powered lender Figure Technology Solutions exposed nearly one million user records. The company said an employee fell victim to a social‑engineering attack, allowing the ShinyHunters hacker group to obtain a limited set of files. ShinyHunters claimed responsibility and posted more than 2.4 GB of archives on a Tor leak site. Have I Been Pwned analysis identified roughly 967,000 Figure user records, including names, dates of birth, email addresses, postal addresses, and phone numbers. The breach is linked to the recent Okta voice‑phishing campaign that targeted single sign‑on accounts, with other victims such as Betterment, Crunchbase, and Panera Bread.

Sources:

• https://www.securityweek.com/nearly-1-million-user-records-compromised-in-figure-data-breach/