Data breach at fintech giant Figure affects close to a million customers

Source: TechCrunch

In Brief

The data breach that hit blockchain‑based lending giant Figure affected nearly a million customers, according to a security researcher.

Image credit: Michael Nagle/Bloomberg / Getty Images

Figure’s initial disclosure

Last week, Figure confirmed a data breach that allowed hackers to steal “a limited number of files” from its systems. The company did not provide specifics on what kind of data was stolen nor say how many customers were affected.

Findings by Troy Hunt

On Wednesday, security researcher Troy Hunt—creator of the data‑breach notification site Have I Been Pwned—analyzed the allegedly stolen data and found it contained 967,200 unique email addresses associated with Figure customers.

The data also included:

• Customer names
• Dates of birth
• Physical addresses
• Phone numbers

The full breach details are listed on the Have I Been Pwned breach page: .

Figure did not respond to a request for comment, nor did it dispute Hunt’s findings.

Attribution

The cybercrime group ShinyHunters told TechCrunch that it was responsible for the attack on Figure. The group published 2.5 GB of data allegedly stolen from Figure on its leak website, where hackers shame victims and publish stolen data if extortion attempts fail.