"A data vault cracked open, and nearly a million digital identities spilled into the wild. This time, the fallout traces back to fintech lender Figure, where attackers turned a well-placed conversation into a gateway for mass exposure. According to reporting by TechCrunch and subsequent analysis by Have I Been Pwned, 967,200 customer email records were compromised after a social engineering attack granted unauthorized access to Figure's internal systems."
"The published files go beyond email records, containing customer names, dates of birth, phone numbers, and physical addresses linked to individual accounts. Those elements amount to a structured identity profile rather than a basic contact list. Roughly 2.5 GB of data was posted online by ShinyHunters, suggesting a sizable internal data set. Because birth dates and home addresses are commonly used in identity verification across financial and telecom services, their exposure significantly increases the potential for misuse."
Nearly 967,200 customer email records were compromised after a social engineering attack gave attackers unauthorized access to fintech lender Figure's internal systems in January 2026. The leaked dataset contains customer names, dates of birth, phone numbers, and physical addresses linked to individual accounts, forming structured identity profiles rather than basic contact lists. Approximately 2.5 GB of data was posted online by ShinyHunters. Because birth dates and home addresses are commonly used for identity verification across financial and telecom services, exposed data significantly increases the potential for misuse and identity fraud. Figure confirmed the breach but did not respond to requests to clarify scope; the incident was indexed on Have I Been Pwned.
Read at TechRepublic
Unable to calculate read time
Collection
[
|
...
]