Figure Data Breach Exposes Fintech Lending Giant
â–¼ Summary
– Figure Technology, a blockchain lending company, confirmed a data breach caused by a social engineering attack on an employee.
– The company is offering free credit monitoring to affected individuals and working with partners.
– The hacking group ShinyHunters claimed responsibility, stating Figure refused to pay a ransom, and leaked 2.5GB of data.
– The leaked data TechCrunch reviewed included customers’ full names, addresses, dates of birth, and phone numbers.
– A ShinyHunters member linked the breach to a campaign targeting Okta single sign-on customers, which also affected Harvard and UPenn.
Figure Technology, a prominent fintech firm specializing in blockchain-powered lending, has confirmed a significant data breach stemming from a sophisticated social engineering attack. The incident involved an employee being deceived, which granted hackers access to a restricted set of company files. A spokesperson for the company, Alethea Jadick, acknowledged the security event, noting that Figure is actively collaborating with external partners and affected individuals. As part of its response, the firm is providing complimentary credit monitoring services to every person who receives an official notification about the breach.
The company’s statement did not address numerous detailed inquiries regarding the nature and full scope of the incident. Responsibility for the cyberattack was claimed by the notorious hacking collective known as ShinyHunters. On its dark web platform, the group asserted that Figure declined to pay a demanded ransom, leading to the public release of approximately 2.5 gigabytes of purportedly stolen data.
A review of a sample of the leaked information revealed it contained highly sensitive personal details of customers. This compromised data reportedly includes individuals’ complete legal names, residential addresses, dates of birth, and contact telephone numbers. The breach exposes affected customers to heightened risks of identity theft and targeted phishing schemes.
According to a ShinyHunters member who communicated with reporters, this breach is part of a broader hacking campaign. The attackers reportedly focused on organizations that utilize the single sign-on authentication service Okta. This campaign has impacted other major institutions, including Harvard University and the University of Pennsylvania, indicating a widespread and coordinated effort against Okta’s client network. The incident underscores the critical vulnerabilities that can arise from third-party service providers and sophisticated social engineering tactics, posing serious questions for data security across the financial technology and education sectors.
(Source: TechCrunch)
