Figure Technology disclosed Friday that it experienced a customer data breach after an employee was targeted in a social engineering attack. The company confirmed that unauthorized access occurred when an individual manipulated the employee, enabling the download of a limited set of files through that account.
The hacking collective ShinyHunters claimed responsibility for the intrusion, asserting that Figure declined to pay a ransom demand and that approximately 2.5 gigabytes of data were subsequently published. According to a report by TechCrunch, a review of some of the exposed files indicated they contained customers’ full names, home addresses, dates of birth, and phone numbers.
In its statement, Figure explained that it moved swiftly to block the suspicious activity and engaged a forensic investigation firm to determine the scope of affected files. The company described the breach as limited in scope but did not provide additional technical details.
Social engineering attacks typically involve deceptive emails, phone calls, or messages that trick employees into revealing credentials or approving unauthorized access. Such tactics have become increasingly sophisticated. A January report from Chainalysis indicated that more than $17 billion in cryptocurrency was stolen last year through AI-driven impersonation scams.
Data breaches have remained widespread. A December 2025 report from Privacy Rights Clearinghouse noted that regulators recorded over 8,000 notification filings tied to more than 4,000 separate incidents affecting at least 374 million individuals.
Founded in 2018, Figure is a New York-based lender that operates its loan platform on the Provenance Blockchain, primarily offering home equity lines of credit. The company went public in September 2025 under the ticker FIGR, raising approximately $787.5 million in an initial public offering that valued it near $5.3 billion.
A representative declined to elaborate further on the breach. However, a member of ShinyHunters reportedly suggested that the incident was part of a broader campaign targeting companies using single sign-on provider Okta. Other alleged targets were said to include Harvard University and University of Pennsylvania.
Figure stated that it is notifying affected individuals and business partners while implementing additional safeguards. The company added that it is offering complimentary credit monitoring services to individuals who receive notification letters and emphasized that it continuously monitors accounts with established protections designed to safeguard customer funds.
Secondary Offering Signals Blockchain Ambitions
The disclosure coincided with Figure’s announcement of a proposed secondary public offering of up to 4,230,000 shares of its Series A Blockchain Common Stock. The company also revealed plans to repurchase up to $30 million of Class A shares from underwriters.
Figure has positioned itself as a blockchain-native capital marketplace focused on tokenized assets, reporting that it has originated more than $20 billion in on-chain credit. Its technology infrastructure runs on Provenance Blockchain, and it operates a non-custodial alternative trading system that allows users to maintain direct control of their assets.
The company previously filed a registration statement with the U.S. Securities and Exchange Commission in November to ensure regulatory compliance for the offering. The new class of shares is designed specifically for blockchain issuance, with each share convertible one-for-one into Class A Common Stock. Trading is expected to occur on Figure’s own alternative trading system, with settlement conducted directly on-chain.
Executive leadership has described the initiative as part of a broader effort to modernize capital markets infrastructure. Recent earnings results showed consumer loan marketplace volume rising sharply year over year, reinforcing the company’s confidence in expanding into blockchain-based equity trading.
While challenges remain, including regulatory oversight and broader adoption hurdles, Figure’s latest moves underscore its strategy to blend traditional finance with on-chain systems, even as it addresses the immediate fallout from a significant cybersecurity incident.