Schubert Jonckheer & Kolbe LLP has launched an investigation into a data breach that exposed the personal information of at least 967,000 users associated with Figure Lending Corp and its affiliated entities—Figure Lending LLC, Figure Markets Credit LLC, and Figure Payments Corporation (collectively referred to as “Figure”). Headquartered in North Carolina, Figure is a financial technology firm offering services such as home equity lines of credit, loan refinancing, and cryptocurrency-backed lending. The company also supplies technology platforms and loan administration services to partner lenders and businesses.
Around January 28, 2026, the cybercriminal group known as ShinyHunters reportedly carried out a voice-phishing attack targeting employees at organizations that rely on Okta single sign-on (SSO) systems, including Figure. Through this method, the attackers were able to gain access to and extract data. On February 13, 2026, after Figure declined to pay a ransom demand, ShinyHunters allegedly released approximately 2.5 gigabytes of compressed data files online. Figure confirmed the breach on the same day, and the breach-tracking platform Have I Been Pwned reported that 967,000 user records had been exposed.
Despite the breach occurring in January 2026, notifications to affected individuals were not issued until February 24, 2026, raising potential concerns about compliance with state and federal breach-notification requirements. Information that may have been compromised includes names, Social Security numbers, home addresses, phone numbers, email addresses, dates of birth, loan account numbers, and loan-related details.
Individuals whose personal data was exposed could face heightened risks of identity theft and other privacy violations. Those affected may have legal grounds to seek financial compensation and request court-ordered improvements to Figure’s cybersecurity safeguards.
Click here to know more.
Around January 28, 2026, the cybercriminal group known as ShinyHunters reportedly carried out a voice-phishing attack targeting employees at organizations that rely on Okta single sign-on (SSO) systems, including Figure. Through this method, the attackers were able to gain access to and extract data. On February 13, 2026, after Figure declined to pay a ransom demand, ShinyHunters allegedly released approximately 2.5 gigabytes of compressed data files online. Figure confirmed the breach on the same day, and the breach-tracking platform Have I Been Pwned reported that 967,000 user records had been exposed.
Despite the breach occurring in January 2026, notifications to affected individuals were not issued until February 24, 2026, raising potential concerns about compliance with state and federal breach-notification requirements. Information that may have been compromised includes names, Social Security numbers, home addresses, phone numbers, email addresses, dates of birth, loan account numbers, and loan-related details.
Individuals whose personal data was exposed could face heightened risks of identity theft and other privacy violations. Those affected may have legal grounds to seek financial compensation and request court-ordered improvements to Figure’s cybersecurity safeguards.
Click here to know more.