Fintech lending giant Figure confirms data breach | TechCrunch
TechCrunch
by Lorenzo Franceschi-BicchieraiFebruary 13, 2026
AI-Generated Deep Dive Summary
Fintech lending company Figure confirmed a data breach after hackers gained access to an employee's account through a social engineering attack. The breach was attributed to the hacking group ShinyHunters, who claimed responsibility on their dark web site. The attackers downloaded approximately 2.5 gigabytes of data, which included sensitive customer information such as full names, home addresses, dates of birth, and phone numbers. Although Figure has not responded to specific questions about the breach, they have informed affected individuals and offered free credit monitoring.
The incident occurred as part of a broader hacking campaign targeting organizations that rely on Okta's single sign-on services. Other notable victims include Harvard University and the University of Pennsylvania (UPenn). ShinyHunters revealed that Figure was among several companies targeted in this campaign, which highlights vulnerabilities in third-party authentication systems. The group also mentioned that Figure refused to pay a ransom, prompting them to leak the stolen data.
This breach underscores significant security risks in the fintech sector, particularly for platforms reliant on blockchain technology and employee accounts susceptible to social engineering attacks. For tech enthusiasts and industry professionals, this incident highlights the importance of robust cybersecurity measures, especially for systems dependent on third-party services like Okta. The exposure of sensitive customer data not only compromises individual privacy but also raises concerns about the reliability of fintech platforms in safeguarding user information.
Verticals
techstartups
Originally published on TechCrunch on 2/13/2026