Figure Technology Admits Customer Data Breach from Social Engineering Attack

Figure Technology Confirms Customer Data Breach

Blockchain lending platform Figure Technology has confirmed a data breach following a social engineering attack on one of its employees. The incident has raised serious concerns about customer privacy and corporate cybersecurity practices.

Reports indicate that the hacker group Shiny Hunters claims to have leaked 2.5GB of sensitive customer data after Figure refused to pay a ransom demand. TechCrunch verified some of the leaked documents, which reportedly contain full names, home addresses, dates of birth, and phone numbers.

Company Response and Investigation Status

In a statement to Decrypt, Figure acknowledged that an employee fell victim to social engineering tactics, allowing attackers to download limited files through the compromised account. The company claims to have immediately contained the breach and engaged cybersecurity experts to determine the full scope of impacted data.

Understanding Social Engineering Threats

Social engineering attacks manipulate employees through deceptive communications, often via phishing emails or impersonation calls. Attackers exploit human psychology rather than technical vulnerabilities to gain unauthorized access to sensitive information.

Industry-Wide Security Challenges

A January 2024 Chainalysis report revealed over $17 billion in cryptocurrency stolen through AI-powered scams in the previous year. Meanwhile, 2025 saw continued high levels of data breaches according to Privacy Rights Clearinghouse 2025 year-end report, with regulators documenting more than 8,000 breach notifications affecting at least 374 million individuals.