Nearly one million personal accounts have been exposed to the fintech lender
If you apply for a loan online, you’ve probably involved more than you realize. your name. Your email. Your date of birth. Maybe even your home address and phone number. Now imagine all of that sitting on Dark web forum.
This is the reality for nearly a million people afterward Hackers hacked Figure Technology Solutionsa blockchain-focused fintech lender.
Sign up for my free CyberGuy report
Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – FREE when you join my site CYBERGUY.COM Newsletter.
What happened in the figure data breach
Figure Technology Solutions, founded in 2018, uses blockchain source For lending, borrowing and securities trading. The company says it has acquired more than $22 billion in home equity through partnerships with banks, credit unions, fintech companies and home improvement companies. However, behind the scenes, the attackers were operating from a completely different angle.
GOOGLE HAS DROPPED DARK WEB MONITORING: SHOULD YOU CARE?
Nearly one million accounts have been exposed after hackers breached fintech bank Figure Technology Solutions in a social engineering attack. (Felix Zhan/Phototec via Getty Images)
According to breach notification data shared by Have I Been Pwned, information from 967,200 accounts was exposed. The leaked data included more than 900,000 unique email addresses, in addition to names, phone numbers, physical addresses, and dates of birth. This is a goldmine for identity thieves. The figure says the incident stemmed from a social engineering attack. What this means in simple terms is that someone within the company has been tricked into handing over access.
“We recently identified that an employee was socially engineered, allowing the actor to download a limited number of files through their account,” a spokesperson for Figure Technology Solutions told CyberGuy in a statement. “We acted quickly to prevent the activity and retained a forensic firm to investigate the files affected. We recognize the importance of these matters and are reaching out to partners and those affected as appropriate. We are also implementing additional safeguards and training to strengthen our defences. We offer free credit monitoring to all individuals who receive a notification. We continually monitor accounts and have strong safeguards in place to protect customer funds and accounts.”
Social engineering is the real weapon
When people hear the word blockchain, they think it is secure and untouchable. But the attackers did not break the encryption. They targeted a human. Groups like ShinyHunters specialize in these rules of the game. They reportedly claimed responsibility for the breach and, according to BleepingComputer, released 2.5GB of data allegedly linked to thousands of loan applicants.
In recent weeks, the same group has alleged violations involving companies such as Canada Goose, Panera bread and Soundcloud. Not every case is connected. However, security researchers have noticed a worrying pattern. Attackers impersonate IT support. They are called employees. They create urgency. They then direct victims to fake login portals that look almost identical to the real ones.
Once employees enter credentials and even multi-factor authentication codes, attackers gain access to single sign-on systems associated with major platforms like Microsoft and Google. From there, a single compromised account can open up a network of connected internal tools and systems.
Panera Bread data breach exposes 5.1 million customers
Security researchers say the Shape data leak underscores how social engineering goes beyond even blockchain-based platforms. (Maxim Konankov/Noor Photo via Getty Images)
Why is this important to you?
If your information is part of a data breach, criminals now have enough details to craft convincing phishing emails or phone scams. They can indicate your real name. They can mention your address. They can pretend to be a lender or bank calling about your application.
Even if you’ve never applied for a loan from FIGER, this incident highlights something bigger. No platform is immune to human error. Social engineering is successful because it targets trust, not technology.
The biggest lesson is about blockchain and trust
Figure markets itself as blockchain-native. Blockchain technology can provide transparency and strong cryptographic security. However, none of this protects against making a well-prepared phone call.
Security failures often occur at the human level. This is where attackers focus their energy. As more financial services move online, the attack surface grows. loan applications, Identity verification tools And cloud-based systems provide convenience. It also creates new goals.
How to protect yourself after a data breach
You can’t control how companies secure their systems. You control how you respond. Start by checking if your email address appears in the exposed data set, then follow the steps below to secure your accounts.
A sub-data breach exposes emails and phone numbers
The figure shows that an employee was tricked into granting access, allowing attackers to download sensitive customer data. (Luke MacGregor/Bloomberg via Getty Images)
Check if your email has been exposed
To see if your email address has been affected, visit https://haveibeenpwned.com/. Enter your email address to see if your information appears in the leak. When you’re done, come back here and start step one below.
Take these steps immediately
- Change any exposed passwords immediately. Never leave a known leaked password lying around. Update it everywhere you use it. Use a password manager to create strong, unique passwords for each account. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com
- employment Multi-factor authentication Wherever possible.
- Never share login codes With anyone, even if they claim to be IT-supportive.
- Install powerful antivirus software To help block phishing links, malicious downloads, and ransomware that often follow major breaches. Get my picks for the best antivirus protection winners of 2026 for Windows, Mac, Android, and iOS at Cyberguy.com.
- Consider a data removal service To reduce your personal information on data broker sites, which scammers often collect with compromised data. Check out my top picks for data removal services and get a free check to see if your personal information really exists on the web by visiting Cyberguy.com.
- Set a free fraud or credit freeze alert With major credit bureaus.
- Monitor your bank and credit card statements weekly For suspicious activity.
Also be wary of unexpected calls about your accounts. If someone pressures you to act immediately, hang up and call the company directly using a number from their official website.
Key takeaways for Kurt
The Shape data breach is a reminder that technology alone cannot protect sensitive information. One employee tricked into revealing his or her credentials could expose hundreds of thousands of people. This is not a blockchain failure. It is a failure of trust. If your data is involved, take action now. Even if not, treat this as a wake-up call. Your personal information is valuable. Criminals know this. And companies should know that, too.
If a single phone call can open nearly a million records, are companies investing enough in training people, or are they still betting everything on technology alone? Let us know by writing to us at Cyberguy.com
Click here to download the FOX NEWS app
Sign up for my free CyberGuy report
Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – FREE when you join my site CYBERGUY.COM Newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Related article
Post Comment