Figure Technology confirmed that some customer files were stolen after an employee was tricked, according to reports. The company says the intrusion happened when an internal account was used to download a limited batch of records. The breach did not stem from a flaw in its blockchain system, but from human error.
Reports say the stolen material was later posted online by a hacker collective that claimed responsibility. The group is said to have released about 2.5GB of data after alleging that ransom talks broke down. That public dump quickly drew attention across the crypto and fintech space.
Customer Names, Contact Details Among Items Exposed
Based on reports that reviewed samples of the leaked files, the exposed data includes full names, home addresses, dates of birth, and phone numbers. These are the kinds of details often used in identity fraud or targeted scams.
The exact number of affected customers has not been shared publicly. That missing figure leaves uncertainty about how large the fallout could be.
Security researchers warn that even when bank accounts or crypto wallets are untouched, personal data alone can create serious risk. Phishing calls, fake loan offers, and account takeover attempts often follow this type of leak.
Total crypto market cap at $2.34 trillion on the daily chart: TradingView
Figure Hit By Social Engineering Attack
According to coverage of the incident, attackers used a social engineering method to gain access to an employee’s credentials or active session. Instead of breaking through code, they relied on deception. Once inside, files were downloaded through that employee’s access rights.
The company said it detected suspicious activity and moved to block it. Outside forensic specialists were brought in to review system logs and determine what was accessed. A broader internal review is also under way.
Image: CybersecAsia
ShinyHunters claimed responsibility for the breach on its leak site. The group has been linked to prior data exposures involving tech and finance firms. In this case, the data was made public after payment demands were reportedly rejected.
Figure said it will notify customers whose information was involved. Free credit monitoring services are being offered to those who receive formal notice. Impacted individuals are being advised to watch for unusual activity and unsolicited messages.
Funds And Core Services Secure
Reports note that lending operations and on-chain systems were not breached. The platform’s core financial infrastructure was not described as affected. Still, the exposure of personal records carries its own weight.
Financial companies remain frequent targets because they hold detailed customer files. A single employee account, if misused, can open a door wider than expected. That lesson has surfaced again here.
Regulators may seek further details in the coming weeks. Customers will be waiting for clearer numbers. The long-term cost, both financial and reputational, will depend on how widely the data spreads and how quickly protective steps are taken.
Featured image from Yahoo Finance, chart from TradingView
