Figure data breach exposes nearly 1M accounts

04 Mar 2026 By foxnews

If you have applied for a loan online, you probably shared more than you realized. Your name. Your email. Your date of birth. Maybe even your home address and phone number. Now imagine all of that sitting on a dark web forum.

That is the reality for nearly 1 million people after hackers breached Figure Technology Solutions, a blockchain-focused fintech lender.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM newsletter.

Figure Technology Solutions, founded in 2018, uses the Provenance blockchain for lending, borrowing and securities trading. The company says it has unlocked more than $22 billion in home equity through partnerships with banks, credit unions, fintechs and home improvement companies. However, behind the scenes, attackers were working on a very different angle.

GOOGLE DROPPED DARK WEB MONITORING: SHOULD YOU CARE?

According to breach notification data shared by Have I Been Pwned, information from 967,200 accounts was exposed. The leaked data included more than 900,000 unique email addresses along with names, phone numbers, physical addresses and dates of birth. That is a gold mine for identity thieves. Figure says the incident stemmed from a social engineering attack. What that means in simple terms is that someone inside the company was tricked into handing over access.

"We recently identified that an employee was socially engineered, and that allowed an actor to download a limited number of files through their account," a Figure Technology Solutions spokesperson told CyberGuy in a statement. "We acted quickly to block the activity and retained a forensic firm to investigate what files were affected. We understand the importance of these matters and are communicating with partners and those impacted as appropriate. We are also implementing additional safeguards and training to further strengthen our defenses. We are offering complimentary credit monitoring to all individuals who receive a notice. We continuously monitor accounts and have strong safeguards in place to protect customers' funds and accounts."

When people hear the word blockchain, they think secure and untouchable. But attackers did not break cryptography. They targeted a human being. Groups like ShinyHunters specialize in this playbook. They reportedly claimed responsibility for the breach and, according to BleepingComputer, posted 2.5GB of data allegedly tied to thousands of loan applicants.

In recent weeks, the same group has claimed breaches involving companies like Canada Goose, Panera Bread and SoundCloud. Not every case is connected. Still, security researchers have observed a troubling pattern. Attackers impersonate IT support. They call employees. They create urgency. Then they direct victims to fake login portals that look nearly identical to real ones.

Once employees enter credentials and even multi-factor authentication codes, attackers gain access to single sign-on systems tied to major platforms like Microsoft and Google. From there, one compromised account can unlock a web of connected tools and internal systems.

PANERA BREAD DATA BREACH EXPOSES 5.1M CUSTOMERS

Why this matters to you

If your information was part of the Figure data breach, criminals now have enough detail to craft convincing phishing emails or phone scams. They can reference your real name. They can cite your address. They can pretend to be a lender or bank calling about your application.

Even if you never applied for a loan with Figure, this incident highlights something bigger. No platform is immune to human error. And social engineering works because it targets trust, not technology.

Figure markets itself as blockchain native. Blockchain can provide transparency and strong cryptographic security. However, none of that protects against a well-crafted phone call.

Security failures often happen at the human layer. That is where attackers focus their energy. As more financial services move online, the attack surface grows. Loan applications, identity verification tools and cloud-based systems create convenience. They also create new targets.

How to protect yourself after the Figure data breach

You cannot control how companies secure their systems. You can control how you respond. Start by checking whether your email address appears in the exposed dataset, then take the steps below to lock down your accounts.

SUBSTACK DATA BREACH EXPOSES EMAILS AND PHONE NUMBERS

To see if your email address was affected, visit https://haveibeenpwned.com/. Enter your email address to find out whether your information appears in the leak. When finished, return here and begin Step 1 below.

Also, be cautious of unexpected calls about your accounts. If someone pressures you to act immediately, hang up and call the company directly using a number from its official website.

The Figure data breach is a reminder that technology alone cannot protect sensitive information. A single employee tricked into revealing credentials can expose hundreds of thousands of people. That is not a blockchain failure. It is a trust failure. If your data was involved, take action now. Even if it was not, treat this as a wake-up call. Your personal information has value. Criminals know it. Companies should know it too.

If one phone call can unlock nearly a million records, are companies investing enough in training people, or are they still betting everything on technology alone? Let us know by writing to us at Cyberguy.com