Major Data Breach at Figure Technology Solutions

Major Data Breach at Figure Technology Solutions: (February 2026 Incident with Ongoing March Developments)

Figure Technology Solutions, Inc. (NASDAQ: FIGR), the blockchain-powered fintech company behind Figure Lending and known as America’s #1 non-bank provider of home equity lines of credit (HELOC), suffered a significant data breach in early 2026. While the incident was first publicly confirmed and the data leaked in February 2026, it continues to generate headlines, lawsuits, and customer notifications into March 2026 — which may explain the timing in recent coverage.

Here is the complete, factual story based on company statements, independent analyses, and cybersecurity reports.

What Happened: The Breach Timeline

• January 2026: Attackers gained initial unauthorized access. The breach was later detected around January 28.

• February 13, 2026: The extortion group Shiny Hunters publicly claimed responsibility on its dark web leak site. They posted approximately 2.5 GB of archived data after Figure refused to pay a ransom. The same day, Figure confirmed the incident to media outlets.

• February 18, 2026: The breach was added to the Have I Been Pwned database.

• February 23–25, 2026 onward: Figure began formal notifications to affected individuals and state regulators. Some state attorney general filings (e.g., Massachusetts and Texas) were submitted around this time.

• March 2026 (ongoing): Class-action lawsuits have been filed, credit-monitoring offers are being sent, and media recaps continue. No new breach or additional data leak has been reported.
  

The attack was not a sophisticated technical hack of Figure’s blockchain systems or databases. Instead, it was a classic social engineering / vishing (voice phishing) attack. Attackers impersonated trusted IT support, tricked an employee into handing over single sign-on (SSO) credentials (via Okta) and multi-factor authentication codes. This gave them access to an employee account, from which they downloaded a “limited number of files.”This incident was part of a broader ShinyHunters campaign targeting Okta users (other victims included universities like Harvard and the University of Pennsylvania).

What Data Was Exposed?
Approximately 967,200 unique accounts were affected (based on 967,200 unique email addresses in the leaked dataset).
The compromised information included:

• Full names

• Email addresses

• Phone numbers

• Physical home addresses

• Dates of birth

Importantly, Figure has repeatedly stated there is no evidence that:

• Social Security numbers

• Financial account details

• Loan information

• Customer funds

• Any payment card data

…were accessed or exfiltrated. Independent analyses (Have I Been Pwned, TechCrunch sample review, UpGuard) confirm only the personal identifiers listed above were in the leaked files. The breach is classified as medium severity due to the identity-theft risk, but not catastrophic financial exposure.

Figure’s Official Response

Figure spokesperson Alethea Jadick told TechCrunch on February 13:

“The breach originated when an employee was tricked with a social engineering attack that allowed the hackers to steal ‘a limited number of files.’”

The company has:

• Reported the incident to law enforcement and is cooperating with investigations.

• Begun notifying impacted customers and partners directly (via mail and email where possible).

• Offered two years of free credit monitoring and identity restoration services to everyone who receives a notice.

• Enhanced internal security measures post-incident.

No public press release appears on Figure’s homepage (figure.com) as of March 4, 2026; notifications have been handled individually as required by law.

Impact and Legal Fallout

• Risk to customers: The exposed data is “identity-rich,” raising the risk of phishing, smishing, account takeovers on other sites, and identity theft. Experts recommend vigilance.

• Lawsuits: Multiple class-action suits have been filed (e.g., in North Carolina and others), alleging Figure failed to implement reasonable cybersecurity safeguards and did not notify victims quickly enough.

• Broader context: Figure was in the middle of post-IPO activities (the company went public in 2025), making the timing particularly painful.
  

What Should Affected Customers Do Right Now?
If you have ever taken a loan or opened an account with Figure Lending / Figure Markets:

1. Watch for notification — Check your mail and email (including spam) over the coming weeks.

2. Enroll in the free credit monitoring offered by Figure (details will be in the notice).

3. Monitor your credit reports (free weekly at AnnualCreditReport.com) and place a fraud alert or credit freeze if concerned.

4. Change passwords on any accounts that reuse the same email/password combo — and enable MFA everywhere.

5. Beware of phishing — Never give personal info over unsolicited calls or texts claiming to be from Figure.

6. Check Have I Been Pwned — Search your email at haveibeenpwned.com.
   

Final Thoughts:

This breach highlights a growing trend: even advanced fintech companies using blockchain for lending are vulnerable when a single employee falls for a well-crafted social engineering attack. Figure acted responsibly by confirming the incident quickly, offering remediation, and emphasizing that core financial systems were untouched.

As of March 4, 2026, no further data has surfaced, and the story appears contained — but the ripple effects (lawsuits, customer trust, regulatory scrutiny) will likely continue for months.

Sources for this report include direct statements from Figure, analysis by Have I Been Pwned, UpGuard, TechCrunch, SecurityWeek, American Banker, and state regulatory filings. If you receive a Figure breach notice or believe your data was involved, consult a data-breach attorney or credit counselor for personalized advice.