Social Engineering Fintech / Blockchain · United States · February 2026

Figure Technology Solutions

Analysis of the Figure Technology breach affecting 967,000 users via social engineering by the ShinyHunters group.

Records Affected

Nearly 967,000 users

Attack Type

Social Engineering

Location

United States

Data types exposed

Names, dates of birth, email addresses, postal addresses, phone numbers

What Happened

On February 14, 2026, Figure Technology Solutions disclosed that nearly 967,000 users were affected by a data breach. The ShinyHunters group claimed responsibility.
The attack reportedly involved social engineering of an employee. A 2.5GB data archive was posted online containing names, dates of birth, emails, addresses, and phone numbers.

Timeline

  • February 2026 — ShinyHunters compromise employee credentials via vishing, bypassing MFA
  • February 13-14, 2026 — Figure Technology discloses the breach and retains a forensic firm
  • February 2026 — 2.5GB data archive published on ShinyHunters leak site after ransom refused

Threat Actor Profile

ShinyHunters targeted Figure Technology as part of their broader early 2026 Okta SSO vishing campaign.
The timing of the breach, coinciding with Figure's secondary stock offering, may have been deliberate to maximise pressure on the company.

Impact and Risk Assessment

For Individuals

Nearly 967,000 customers had their personal data exposed, including names, dates of birth, and contact information.
Customers of a blockchain-based financial services company may be targeted for cryptocurrency-related scams using the exposed data.

For Organisations

Figure Technology faces reputational damage at a particularly sensitive time, given the breach coincided with a secondary stock offering.
The incident adds to the growing list of fintech companies compromised through SSO credential attacks.

Regulatory Context

As a publicly traded company, Figure faces SEC disclosure requirements in addition to state data breach notification laws.
Financial services regulators may scrutinise the adequacy of security controls for a company handling lending and payment data.

What Should You Do?

For Individuals

  • If you are a Figure Technology customer, change your account password and monitor for phishing attempts referencing your financial services usage.
  • Be particularly cautious of messages claiming to be from Figure or other blockchain/crypto services.

For Security Professionals

  • Implement phishing-resistant MFA that cannot be bypassed through vishing. FIDO2/WebAuthn provides stronger protection than SMS or app-based OTP codes.
  • Coordinate security incident response with investor relations teams, as breaches during sensitive financial events create compounded risk.
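
Why the FIDO2/WebAuthn recommendation above holds against a caller or look-alike login page, as an added example that is not from Figure or from the original advisory: an OTP verifies wherever it was collected, while a WebAuthn assertion carries the origin the browser actually saw. The origin `https://sso.example.com`, the function names and all sample values are assumptions constructed for illustration, and only the client-data checks are shown; signature verification is left out.

```python
import base64
import hmac
import json

# Assumed relying-party origin (placeholder, not a real deployment).
EXPECTED_ORIGIN = "https://sso.example.com"


def b64url(data: bytes) -> str:
    """base64url without padding, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_otp(submitted: str, expected: str) -> bool:
    # An OTP is only a shared number: it verifies no matter which phone call
    # or website it was collected through before being relayed.
    return hmac.compare_digest(submitted.encode(), expected.encode())


def check_client_data(client_data_json: bytes, issued_challenge: bytes) -> bool:
    """Relying-party checks on clientDataJSON for a login assertion."""
    try:
        data = json.loads(client_data_json)
    except ValueError:
        return False
    if not isinstance(data, dict) or data.get("type") != "webauthn.get":
        return False
    # The challenge must be the one this server issued for this login attempt.
    if data.get("challenge") != b64url(issued_challenge):
        return False
    # The browser, not the user, writes the origin, and the authenticator's
    # signature covers a hash of this JSON, so a look-alike page cannot
    # produce client data that names the real site.
    return data.get("origin") == EXPECTED_ORIGIN


def make_client_data(origin: str, challenge: bytes) -> bytes:
    # Constructed sample of what a browser emits when the ceremony runs on `origin`.
    fields = {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    return json.dumps(fields).encode()


if __name__ == "__main__":
    challenge = b"constructed-challenge-0001"
    lookalike = "https://sso-example.com.login.invalid"  # constructed look-alike origin
    print("relayed OTP accepted:", check_otp("492817", "492817"))
    print("assertion from real origin:", check_client_data(make_client_data(EXPECTED_ORIGIN, challenge), challenge))
    print("assertion from look-alike:", check_client_data(make_client_data(lookalike, challenge), challenge))
```
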

Learnings and Recommendations

ShinyHunters' involvement links this to a broader campaign across multiple targets in Q1 2026. Social engineering of employees remains a highly effective attack vector even at well-funded fintech companies.
Organisations should implement robust security awareness training and phishing-resistant authentication methods.
This advisory summarises a publicly reported cybersecurity incident for educational purposes. Information is sourced from publicly available reports and may include claims that are unverified or disputed. Inclusion does not imply fault or negligence by the affected organisation.