Figure Technology Data Breach Exposes Personal Customer Details

Figure Technology, a Nasdaq-listed blockchain-based lending firm, confirmed a data breach after attackers used social engineering to compromise an employee. A spokesperson cited by TechCrunch on February 13, 2026, said investigators found a limited set of files had been accessed and that the firm had begun notifying those affected and offering free credit monitoring. The disclosure comes amid continued scrutiny of security practices in crypto‑enabled financial services, where the value of open networks is matched by the risk of exposed personal data when staff can be manipulated into providing access.

Key takeaways

• Unauthorized access resulted from social engineering targeting an individual employee, yielding a limited quantity of files.
• Leaked material includes customers’ full names, home addresses, dates of birth and phone numbers, which could enable identity fraud or phishing attempts.
• The ShinyHunters group claimed responsibility on its dark‑web site, citing the data exfiltration after a ransom declined by the company and publishing roughly 2.5 gigabytes of data.
• Approximately 2.5 gigabytes of data were published by the attackers as part of the leak.
• Figure Technology announced it began notifying affected customers and offering free credit monitoring; the company had recently listed on the Nasdaq and launched the OPEN platform in January 2026.
• OPEN, short for On‑Chain Public Equity Network, enables issuing real shares on Provenance’s blockchain and allows direct lending of pledged shares, bypassing traditional brokers for certain activities.

Market context: This incident sits within a broader pattern of security episodes affecting crypto lenders and open‑finance platforms. While overall phishing losses in 2025 declined to about $83.85 million across Ethereum Virtual Machine chains, that trend does not imply phishing has ended; attackers adapt to market conditions and target staff or supply chains. The lull followed a mid‑2025 rally in the market, notably amid Ethereum’s strong rally in 2025, but risks remain high for users of on‑chain finance protocols.

Why it matters

For investors, the breach underscores the intertwined risks facing fintechs and crypto lending platforms that rely on open networks and real‑time settlement. The exposure of personal data heightens the potential for identity fraud and phishing campaigns aimed at Figure’s customers, complicating risk management for the company and its users.

For builders and platform operators, the incident highlights the ongoing need for robust authentication, staff training against social engineering, and zero‑trust architectures that limit data access even after a single employee is compromised. The January 2026 OPEN launch signals Figure’s ambition to reimagine the capital‑markets stack by enabling real shares on a blockchain, but the breach shows that security controls must keep pace with product innovation to sustain user trust.

From a market perspective, security incidents like this can influence sentiment around on‑chain equity solutions and related fintech services, especially as regulators scrutinize data privacy and the standards governing tokenized assets and cross‑border lending.

What to watch next

• Figure’s forthcoming disclosures on the scale of the breach, including the number of affected individuals and the exact data types exposed.
• Any regulatory notices or investigations stemming from the incident and their implications for data privacy in blockchain‑driven lending.
• Adoption metrics or governance updates tied to OPEN and its integration with the Provenance blockchain.
• Additional data releases or countermeasures from threat actors and any indications of ransom activity or negotiations.
• Figure’s assurances regarding the integrity of its services and remediation steps across its lending and custody workflows.

Sources & verification

• TechCrunch: Figure confirms data breach, with details on the social‑engineering vector and notification efforts (Feb 13, 2026). https://techcrunch.com/2026/02/13/fintech-lending-giant-figure-confirms-data-breach/
• ShinyHunters’ dark‑web leak page claiming 2.5 GB of Figure data published after the ransom note rejection.
• Figure IPO and valuation details reported by Cointelegraph at the time of the September listing and the IPO price of $25 per share that raised about $787.5 million.
• OPEN launch coverage and its description as a platform for issuing real shares on a blockchain and enabling peer‑to‑peer lending of pledged shares, per Cointelegraph reporting.
• Crypto phishing losses context and the decline in 2025, with data from Scam Sniffer and related Cointelegraph analyses on wallet drains and security trends.

Figure breach tests security of blockchain lending and OPEN platform

Figure Technology, a blockchain‑driven lending firm that trades on the Nasdaq, faced a data breach the company described as the result of social engineering aimed at an employee. A spokesperson cited by TechCrunch on February 13, 2026, said investigators found a limited set of files had been accessed and that the firm had begun notifying those affected and offering free credit monitoring. The disclosure comes amid continued scrutiny of security practices in crypto‑enabled financial services, where the value of open networks is matched by the risk of exposed personal data when staff can be manipulated into providing access.

The attackers’ method was not a broad, automated intrusion, but a targeted manipulation of an individual inside Figure’s organization. This distinction matters because it frames the breach not as a systems‑wide hack into a platform but as a social‑engineering incident that created a path to internal files. The information set exposed in some samples reviewed by TechCrunch included personally identifiable details such as full names, home addresses, dates of birth and phone numbers. The potential impact is twofold: identity theft and phishing campaigns that impersonate Figure or its affiliates, complicating the company’s remediation efforts and potentially eroding client trust.

In the wake of the breach, the security ecosystem around Figure has drawn attention to a dark‑web claim of responsibility by a known group. ShinyHunters asserted on its leak site that the operation was successful after the company refused to meet ransom demands and published roughly 2.5 gigabytes of data purportedly taken from Figure’s systems. The veracity and scope of the data remain under investigation, but the assertion underscores the ongoing danger of data exfiltration as a tactic in post‑breach pressure campaigns.

Figure Technology had gone public the previous September, selling shares at $25 each and raising about $787.5 million, with a reported initial valuation in the multi‑billion range. The company has since been pushing an expansion of its business model through new ventures like the On‑Chain Public Equity Network (OPEN), launched in January 2026 on its Provenance blockchain. OPEN is designed to let companies issue real shares and permit investors to lend or pledge those shares directly to one another, sidestepping traditional brokers, custodians, or exchanges. The move signals Figure’s attempt to fuse tokenized, on‑chain equity with a lending marketplace, aiming to create liquidity channels that are not tethered to centralized intermediaries.

As the breach unfolded, the industry watched for how aggressively Figure would respond: how quickly affected customers would be notified, what data would be offered for protection, and what steps the company would take to harden its systems. The incident also emphasizes the broader reality that security incidents in active crypto and fintech ecosystems can influence investor confidence in newly launched products and platforms that aim to shift how assets are issued and transferred on‑chain. While the OPEN platform promises a more direct and less intermediary‑dependent path for equity transactions, the breach invites closer scrutiny of Figure’s internal controls, access governance, and privacy protections for both retail and institutional users.

The incident is part of a larger narrative in which the crypto security landscape continues to evolve. Researchers have noted that phishing and wallet‑draining incidents surged in the past and then contracted in 2025, even as market cycles reignite risk appetites. The data view from Scam Sniffer shows a dramatic year‑over‑year decline in phishing losses and victims across Ethereum Virtual Machine chains, but security incidents remain a persistent threat, especially when attackers exploit human factors and cross‑system dependencies. The breach at Figure highlights that even as markets and technologies mature, operators must remain vigilant against social engineering and insider threats that can expose customer data and undermine trust in innovative financial services.

https://platform.twitter.com/widgets.js

This article was originally published as Figure Technology Data Breach Exposes Personal Customer Details on Crypto Breaking News – your trusted source for crypto news, Bitcoin news, and blockchain updates.