Figure Technology Solutions 2026 Data Breach
ObscureIQ Breach Intelligence
Moderate SeverityWebsite / service breach
Figure Fintech Lending Platform Breach (2026): 1 Million Borrower Records Including DOB & Home Address Exposed
Fintech company offering home equity, lending, and blockchain-based financial products.
Verified by ObscureIQ Intelligence
54/100Breach Risk Index
5Data Value
80Market Recency
68dSince Breach
Breach Intelligence Summary
Entity: Figure Technology Solutions · Actor: ShinyHunters · Sources: 3 references
Attack: Social Engineering
Profile: Financial institution · Lending and financial technology services · Fintech platform · USA
Timeline: Breach (2026-01-01) · Indexed (Feb 18, 2026) · Year (2026)
Exposure: 1.0M records · 5 fields: Date of Birth, Email Address, Full Name, Phone Number, Physical Address
Status: Reported
Executive Summary
Figure Technology Solutions, a U.S.-based fintech lending platform best known for digital home equity lines of credit, was breached in January 2026. Data from the platform was publicly posted online in February 2026, with breach-tracking services Have I Been Pwned and DataBreach.com indexing the dataset shortly afterward. Figure confirmed the incident and attributed it to a social-engineering attack in which an employee was tricked into providing access to internal systems.\n\nThe publicly circulating dataset covered approximately 967,000 unique customer records, with HIBP indexing roughly 900,000 unique email addresses. Compromised fields in the public subset included names, dates of birth, email addresses, phone numbers, and physical addresses. State-attorney-general filings, including those with California and Texas authorities, indicated that the underlying breach also exposed Social Security numbers and financial account information for some individuals, beyond the more limited field set published publicly. The threat actor ShinyHunters has been associated with the broader campaign.\n\nFor affected borrowers, the practical risk profile depends on which records were exposed. The publicly circulating subset of name, date of birth, address, and phone number is a strong base for targeted phishing and SIM-swap impersonation, particularly for messages that reference real loan or property relationships. The wider state-filing scope is materially more severe, with Social Security numbers and financial account information supporting fraudulent credit applications and identity-verification bypass at other financial institutions. Affected Figure customers should freeze credit at all three U.S. bureaus, monitor financial accounts closely, and treat any unsolicited contact referencing past loan applications, home equity products, or property records with caution.
ObscureIQ assessment: High risk of identity theft, loan fraud, and targeted financial scams. Lending data can also reveal economic stress, making victims more susceptible to coercive fraud.
Breach Impact
The institutional impact on Figure is meaningful given the company's positioning at the intersection of consumer lending and capital markets infrastructure. The breach added to a string of recent fintech compromises that has increased regulatory scrutiny on third-party identity controls. State-attorney-general filings disclosed broader field exposure than the publicly circulating subset, including Social Security numbers and financial account information, raising expected costs of customer notification, credit monitoring, and likely class-action exposure. The reputational hit is concentrated among home-equity and mortgage borrowers, an audience that interacts with multiple sensitive financial relationships and weighs trust heavily in lender selection. The Securities and Exchange Commission's Regulation S-P also creates regulatory exposure for affected fintech lenders.
About Figure Technology Solutions
Figure Technology Solutions is a U.S.-based fintech lending company headquartered in San Francisco. Founded in 2018 by SoFi co-founder Mike Cagney, the company offers digital home equity lines of credit (HELOCs), mortgage refinancing, and consumer lending products through a fully digital origination process. Figure also operates blockchain-based capital-markets infrastructure used by other lenders to securitize loans. As a regulated lender, the company collects deeply sensitive borrower information during origination, including identity documents, income and employment data, property valuations, credit histories, and bank account verifications used to fund and service loans. The customer base is concentrated in the United States across mortgage and home-equity products.
Why They Hold Your Data
Fintech lending platforms collect borrower identity, financial records, income and employment data, property or asset information, and account activity across loan-origination and servicing workflows.
Recent Developments
Figure publicly disclosed the breach in late February 2026, after data first appeared online and was independently indexed by breach-tracking services. The company attributed the incident to a social-engineering attack in which an employee was tricked into providing access. State filings, including those with the California, Texas, and Maine attorneys general, indicated that some affected records also included Social Security numbers and financial account information beyond the publicly circulating subset. ShinyHunters has been associated with the underlying campaign, consistent with a broader 2025–2026 pattern of identity-based attacks against fintech and financial services firms by the same threat-actor cluster.
Data Points Exposed
5 verified field types
Date of Birth High
Email Address
Full Name High
Phone Number
Physical Address High
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Exploitation & Downstream Threats
Threat Activity:High
Primary downstream threats:
- Identity verification bypass using name + date of birth combination
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat vectors:
- Identity verification bypass
- Phishing, credential stuffing & account takeover
- Name-based social engineering
- SIM swapping, vishing & SMS phishing
- Physical stalking, mail fraud & identity verification
Threat Actor: ShinyHunters
ShinyHunters
Social Engineering
Attribution and method are based on available breach intelligence. Reported attack vector: Social Engineering.
Recommended Actions
If you believe your information may be included:
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
Frequently Asked Questions
What happened in the Figure Technology Solutions breach?▾
Figure Technology Solutions, a U.S.-based fintech lending platform best known for digital home equity lines of credit, was breached in January 2026. Data from the platform was publicly posted online in February 2026, with breach-tracking services Have I Been Pwned and DataBreach.com indexing the…
What data was exposed?▾
Verified fields include Date of Birth, Email Address, Full Name, Phone Number, Physical Address.
What should I do if I was affected?▾
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Sources & References
Every claim on this page is traceable. This breach draws on:
Breach Index
Breach Index
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Protect Yourself
Check If You're Affected
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
High-Risk? Get an Exposure Audit
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation