Figure Technology Solutions
Analysis of the Figure Technology breach affecting 967,000 users via social engineering by the ShinyHunters group.
Published by the Scrutex.ai Research Team | February 2026
Disclaimer
This advisory is provided for informational and educational purposes only by the Scrutex research team. It is based entirely on publicly available reporting from the sources cited below. Where details are unconfirmed or disputed by the affected organisation, this is noted explicitly. Scrutex does not independently verify internal claims made by affected organisations or threat actors. This advisory should not be interpreted as a confirmed statement of fact regarding any organisation's security posture. Organisations concerned about their own exposure should conduct independent assessments and seek professional legal advice.
At a Glance
Organisation: Figure Technology Solutions. Fintech company providing blockchain-based lending, equity, and payments, publicly traded on Nasdaq under ticker FIGR.
Sector: Fintech / Blockchain
Region: United States
Date of Incident: February 2026 (SSO compromise via vishing)
Date Disclosed: February 13-14, 2026
Estimated Impact: Nearly 967,000 users
Data Types Exposed: Names, dates of birth, email addresses, postal addresses, phone numbers
Attack Type: Social Engineering
Attack Vector: Voice phishing (vishing) targeting employee to obtain credentials and MFA codes
Threat Actor: ShinyHunters
Current Status: Data published on ShinyHunters leak site after ransom refused. Figure retained forensic firm. Additional safeguards being implemented.
Severity Assessment: High. Nearly 967,000 customer records exposed. Part of broader ShinyHunters Okta SSO vishing campaign. Incident coincided with Figure's secondary stock offering.
What Happened
On February 14, 2026, Figure Technology Solutions disclosed that nearly 967,000 users were affected by a data breach. The ShinyHunters group claimed responsibility.
The attack reportedly involved social engineering of an employee. A 2.5GB data archive was posted online containing names, dates of birth, emails, addresses, and phone numbers.
Timeline
February 2026: ShinyHunters compromise employee credentials via vishing, bypassing MFA
February 13-14, 2026: Figure Technology discloses the breach and retains forensic firm
February 2026: 2.5GB data archive published on ShinyHunters leak site after ransom refused
Threat Actor Profile
ShinyHunters targeted Figure Technology as part of their broader early 2026 Okta SSO vishing campaign.
The timing of the breach, coinciding with Figure's secondary stock offering, may have been deliberate to maximise pressure on the company.
Impact and Risk Assessment
For Affected Individuals
Nearly 967,000 customers had their personal data exposed including names, dates of birth, and contact information.
Customers of a blockchain-based financial services company may be targeted for cryptocurrency-related scams using the exposed data.
For Organisations
Figure Technology faces reputational damage at a particularly sensitive time, given the breach coincided with a secondary stock offering.
The incident adds to the growing list of fintech companies compromised through SSO credential attacks.
Regulatory Context
As a publicly traded company, Figure faces SEC disclosure requirements in addition to state data breach notification laws.
Financial services regulators may scrutinise the adequacy of security controls for a company handling lending and payment data.
What Should You Do?
If You Are a Potentially Affected Individual
If you are a Figure Technology customer, change your account password and monitor for phishing attempts referencing your financial services usage.
Be particularly cautious of messages claiming to be from Figure or other blockchain/crypto services.
If You Are a Security or Risk Professional
Implement phishing-resistant MFA that cannot be bypassed through vishing. FIDO2/WebAuthn provides stronger protection than SMS or app-based OTP codes.
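One way to check the recommendation above in practice, as an added example that is not part of the original advisory: enrolling FIDO2/WebAuthn does not help if an SMS or OTP factor remains available as a fallback, so the audit below flags accounts that a vishing call could still defeat. The inventory format, the factor names and the inclusion of voice, email and push among the phishable factors are assumptions made for illustration, not the export format of any specific identity provider.

```python
# Added example: audit MFA enrollments for vishing-exposed fallback paths.
# The inventory format and factor names are constructed for illustration.

# Assumption: factors whose code can be read out over the phone, or whose
# prompt can be approved on an attacker's request, count as phishable.
PHISHABLE = {"sms", "voice", "totp", "email", "push"}
# Factors bound to the login origin by the authenticator (FIDO2/WebAuthn).
RESISTANT = {"webauthn"}

# Constructed sample inventory: enrolled factors and a privileged flag per user.
SAMPLE_INVENTORY = [
    {"user": "alice", "factors": ["webauthn"], "privileged": True},
    {"user": "bob", "factors": ["webauthn", "sms"], "privileged": True},
    {"user": "carol", "factors": ["totp"], "privileged": False},
    {"user": "dave", "factors": [], "privileged": False},
]


def classify(entry):
    """Return (status, factors_to_remove_or_review) for one account."""
    factors = {f.lower() for f in entry["factors"]}
    weak = sorted(factors & PHISHABLE)
    unknown = sorted(factors - PHISHABLE - RESISTANT)
    if not factors:
        return "no_mfa", []
    if unknown:
        # Treat unrecognised factor types as phishable until reviewed.
        return "review", weak + unknown
    if weak and factors & RESISTANT:
        return "downgradable", weak  # WebAuthn enrolled, weak fallback remains
    if weak:
        return "phishable_only", weak
    return "resistant", []


def audit(inventory):
    """Return findings for accounts a vishing call could defeat,
    privileged accounts first."""
    findings = []
    for entry in inventory:
        status, weak = classify(entry)
        if status != "resistant":
            findings.append({"user": entry["user"], "status": status,
                             "remove": weak, "privileged": entry["privileged"]})
    return sorted(findings, key=lambda f: (not f["privileged"], f["user"]))


if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(finding)
```

The "downgradable" status is the case that is easiest to miss: the account looks protected in an enrollment report, but the weaker factor still satisfies the login.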
Coordinate security incident response with investor relations teams, as breaches during sensitive financial events create compounded risk.
Learnings and Recommendations
ShinyHunters' involvement links this to a broader campaign across multiple targets in Q1 2026. Social engineering of employees remains a highly effective attack vector even at well-funded fintech companies.
Organisations should implement robust security awareness training and phishing-resistant authentication methods.
Sources