Fintech lending giant Figure confirms data breach | TechCrunch

Figure Technology, a blockchain-based lending company, confirmed that there had been a data breach.

On Friday, Figure spokesperson Alethea Jadick told TechCrunch in a statement that the breach occurred when an employee was tricked with a social engineering attack that allowed the hackers to steal “a limited number of files.”

The statement said the company is “working with partners and those affected” and is offering free credit monitoring “to all individuals who receive a notice.”

Figure’s spokesperson did not respond to a series of specific questions about the breach.

The hacking group ShinyHunters took responsibility for the hack on its official dark web leak website, saying the company refused to pay a ransom and publishing 2.5 gigabytes of allegedly stolen data.

TechCrunch saw some of the data, including customers’ full names, home addresses, dates of birth and phone numbers.

A member of ShinyHunters told TechCrunch that Figure was one of the victims of a hacking campaign which was aimed at customers who rely on the single sign-on provider Okta. Other victims of the campaign include Harvard University and the University of Pennsylvania (UPenn).