Publicly Traded Blockchain Lender Figure Confirms Customer Data Breach

Core Insights - Figure Technology confirmed a customer data breach due to a social engineering attack targeting an employee, with the hacking group ShinyHunters claiming responsibility and publishing 2.5 gigabytes of stolen data [1][2] Company Overview - Founded in 2018, Figure is a New York-based lender that operates its loan platform on the Provenance blockchain, focusing on home equity lines of credit [4] - The company went public in September 2025, raising $787.5 million in an IPO that valued it at approximately $5.3 billion [4] Incident Details - The breach involved an employee being manipulated into downloading files, which included sensitive customer information such as full names, home addresses, dates of birth, and phone numbers [1][2] - Figure stated that it acted quickly to block the activity and engaged a forensic firm to investigate the affected files [2] Industry Context - A report by Chainalysis indicated that over $17 billion in cryptocurrency was stolen in 2025 through AI-powered impersonation scams, highlighting the growing threat of such attacks [3] - Data breaches were prevalent in 2025, with over 8,000 notification filings related to more than 4,000 incidents affecting at least 374 million individuals [3] Response and Future Actions - Figure is communicating with partners and impacted parties while implementing additional safeguards, including offering complimentary credit monitoring to affected individuals [5] - The company announced a proposed secondary public offering of up to 4,230,000 shares of its Series A Blockchain Common Stock and plans to repurchase up to $30 million of Class A shares from underwriters [5] Stock Performance - Following the breach announcement, Figure's stock rose by 3.57% to a price of $35.29, although it has experienced a 37% decline over the past month [6]