In a troubling revelation for the blockchain lending sector, Figure Technology has confirmed that a data breach occurred due to a social engineering attack that compromised sensitive customer information. Company representatives stated that an employee fell victim to a deception scheme, allowing intruders to access and download a limited batch of customer records.
Reports indicate that the attack did not exploit any vulnerabilities within Figure’s blockchain infrastructure; rather, it was a case of human error. The stolen data, which was later released online by a hacker group, comprises approximately 2.5GB of information, sparking widespread concern within the crypto and fintech communities.
Customer Data Exposed
Analysis of the leaked files shows that the compromised information includes full names, home addresses, dates of birth, and telephone numbers, details that can be exploited for identity theft and various types of fraud.
Figure has yet to disclose the number of affected customers, and this uncertainty heightens concerns regarding the potential fallout. Security experts caution that even without monetary loss to bank accounts or crypto wallets, the leaked personal data creates a breeding ground for phishing schemes and targeted scams.
Details of the Attack
The breach was executed using a social engineering tactic that allowed attackers to gain access to an employee’s active session or credentials. Instead of breaking into the system through technical means, they relied on manipulation. Once inside, they used the employee’s access rights to download files.
Upon detecting irregularities, Figure swiftly acted to mitigate the damage, engaging external forensic specialists to analyze system logs and ascertain the extent of the breach. The company is also conducting a comprehensive internal review.
The group claiming responsibility for the breach, ShinyHunters, has previously been associated with data leaks from various technology and finance firms. Reportedly, the group released the data publicly after their ransom demands were disregarded, drawing attention to their ongoing activities.
Figure has committed to notifying affected customers and is offering free credit monitoring services to those involved. Individuals who receive formal notification are encouraged to remain vigilant for any unusual activity or unsolicited communication.
Importantly, the underlying lending operations and on-chain systems of Figure were not compromised during the breach, indicating that the core financial infrastructure remains intact. Nonetheless, the exposure of personal records poses significant risks.
Financial institutions are frequent targets for cybercriminals due to the troves of detailed customer information they hold. This incident serves as a stark reminder of the vulnerabilities that can arise from a single compromised employee account, potentially opening the door to widespread repercussions.
In the wake of this incident, regulatory bodies may seek additional details in the ensuing weeks as customers await clarity on the number of affected individuals. The longer-term implications, both reputational and financial, will depend heavily on how far the data is disseminated and how promptly protective measures are taken.
