Data breach reported for Figure Technology Solutions, Inc

Key Facts: Figure Data Breach

• Date reported: February 13, 2026.
• Unauthorized access identified: January 2026 (detected January 28, 2026).
• Target entity: Figure Technology Solutions (figure.com).
• Source of breach: ShinyHunters (vishing/social engineering attack).
• Data types: Names, unique email addresses, phone numbers, physical home addresses, and dates of birth for approximately 967,200 accounts.
• Status: Confirmed; Figure confirmed a social engineering attack on an employee. The stolen data (approx. 2.5GB) was leaked on a dark web forum on February 13, 2026.
• Severity: Medium; while the breach involves identity-rich data for nearly 1 million users, the company stated that Social Security numbers, customer funds, and the Provenance Blockchain were not compromised.

Start continuous breach monitoring with UpGuard.

What happened in the Figure data breach?

Figure (figure.com), a financial services firm specializing in lending, disclosed a data breach on February 25, 2026. The incident involved unauthorized access to personal information stored within the organization's databases. According to company reports, the breach was initially identified in January 2026 and affected Figure Lending Corp along with its subsidiaries. The threat actor group ShinyHunters claimed responsibility for the unauthorized access.

The incident is classified as medium severity because it involved the exposure of highly sensitive personal identifiers. The compromised data includes names, physical addresses, phone numbers, email addresses, and dates of birth. While Figure stated there is no evidence that customer funds or accounts were accessed directly, the breadth of information exposed is significant, totaling approximately 2.5GB of exfiltrated data. Such incidents typically increase the risk of identity theft and targeted phishing campaigns for the individuals involved.

Who is behind the incident?

The incident has been attributed to ShinyHunters, a notorious extortion group. The breach was executed through a sophisticated voice phishing (vishing) campaign targeting a Figure employee. The attackers impersonated IT support to trick the employee into providing Single Sign-On (SSO) credentials and multi-factor authentication (MFA) codes, allowing the threat actors to bypass "human firewall" defenses and access internal administration tools.

Impact and risks for Figure customers

For customers of Figure, the exposure of identity data such as physical addresses and dates of birth presents plausible risks of identity theft, credential abuse, and targeted phishing. Malicious actors could potentially use this information to conduct social engineering attacks or attempt to gain access to other financial services. Although no direct account access or theft of funds was reported, the breadth of personal identifiers leaked makes individuals vulnerable to long-term fraud.

Typical outcomes of such breaches include a rise in fraudulent communications and unauthorized credit applications. Affected individuals should immediately enroll in the credit monitoring services provided by Figure and place a fraud alert on their credit reports. Maintaining vigilance and reviewing financial statements regularly are concrete protective actions. Proactive transparency from companies helps mitigate these long-term security risks.

How to protect against similar security incidents

Get instant alerts when your data appears on the dark web.

Frequently asked questions

What happened in the Figure security breach?

In February 2026, the threat actor group ShinyHunters posted 2.5GB of stolen data from Figure (figure.com) online. The breach resulted from a social engineering attack where an employee was tricked into revealing login credentials.

When did the Figure breach occur?

The Figure breach was publicly reported on February 13, 2026, though the unauthorized access to the employee's account occurred earlier in January 2026. Figure identified the activity on January 28, 2026.

What data was exposed?

The investigation and independent analysis confirmed that the exposed data included names, dates of birth, email addresses, phone numbers, and physical home addresses for approximately 967,200 unique accounts.

Is my personal information at risk?

If you interacted with Figure, there's a possibility your personal information could be affected. This data is often used for identity checks, meaning you should be alert for sophisticated scams. Figure is offering free credit monitoring to affected individuals.

How can I protect myself after this data breach?

• Enroll in the complimentary credit monitoring and identity restoration services offered by Figure.
• Change your account passwords and enable multi-factor authentication (MFA).
• Monitor your financial statements and credit reports for any suspicious activity.
• Be cautious of unsolicited emails or phone calls asking for personal information.
• Use breach monitoring tools to stay informed about potential data exposures.

What steps should companies take after being impacted by this breach?

Figure has reported the incident to law enforcement and is cooperating with investigations. The company has taken steps to enhance security measures, notified affected parties, and is providing two years of credit monitoring services. Organizations in this position also typically deploy attack surface management to prevent future incidents.