Hackers have stolen the personal and contact information of nearly 1 million accounts after breaching the systems of Figure Technology Solutions, a self-described blockchain-native financial technology company.
Founded in 2018, Figure uses the Provenance blockchain for lending, borrowing, and securities trading, and has unlocked over $22 billion in home equity with over 250 partners, including banks, credit unions, fintechs, and home improvement companies.
While the blockchain lender didn't publicly disclose the incident, a Figure spokesperson told TechCrunch on Friday that the attackers stole "a limited number of files" in a social engineering attack.
BleepingComputer has also reached out to Figure with further questions about the breach, but a response was not immediately available.
Although the company has yet to share how many individuals were affected by the data breach, notification service Have I Been Pwned has now revealed the extent of the incident, reporting that data from 967,200 accounts was stolen in the attack.
"In February 2026, data obtained from the fintech lending platform Figure was publicly posted online," Have I Been Pwned said on Wednesday.
"The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of birth. Figure confirmed the incident and attributed it to a social engineering attack in which an employee was tricked into providing access."
The ShinyHunters extortion group claimed responsibility for the breach and added the company to its dark web leak site, leaking 2.5GB of data allegedly stolen from thousands of loan applicants.
CaptionFigure Technology on ShinyHunters leak site (BleepingComputer)
In recent weeks, ShinyHunters claimed similar breaches at Canada Goose, Panera Bread, Betterment, SoundCloud, PornHub, and CrowdStrike.
... continue reading