92/69 Monday, February 16, 2026
Figure Technology Solutions, Inc., a U.S.-based fintech company that develops blockchain-powered lending platforms, has confirmed a data breach after one of its employees fell victim to a social engineering attack. As a result, threat actors were able to access and exfiltrate a limited number of company files. A company spokesperson described the incident as involving “a limited number of files” and stated that an impact assessment is currently underway. The company has begun notifying individuals who may have been affected.
Founded in 2018, Figure operates in the financial technology sector, offering platforms for lending, capital markets, and asset management. Its products serve both individual and institutional customers and include HELOC loans, refinancing services, DSCR loans, crypto-backed loans, and the Figure Connect credit marketplace. The company has started notifying impacted individuals and is offering free credit monitoring services to those who receive breach notification letters. However, Figure has not disclosed the total number of affected individuals or the date the incident was detected.
Meanwhile, the cybercriminal group ShinyHunters has claimed responsibility for the breach on a dark web forum, alleging that the company refused to pay a ransom. The group claims to have stolen approximately 2.5 gigabytes of data and has released sample records containing personal details such as names, addresses, dates of birth, and phone numbers-potentially increasing the risk of fraud and follow-up phishing attacks. Reports suggest that the incident may be linked to a broader campaign targeting customers using Okta’s Single Sign-On (SSO) services, although the company has not confirmed further technical details.
