Data breach at fintech giant Figure affects close to a million customers

A data breach that struck the blockchain-based lending heavyweight Figure appears to have affected close to 1 million customers, according to a security researcher who reviewed material circulating online.

Last week, Figure acknowledged that intruders accessed its systems and stole “a limited number of files.” The company did not specify exactly which information was taken, nor did it disclose how many customers may have been affected.

On Wednesday, security researcher Troy Hunt, best known as the founder of the breach-notification service Have I Been Pwned, examined data that is allegedly tied to the Figure incident. Hunt said the dataset contained 967,200 unique email addresses linked to Figure customers.

Beyond email addresses, the exposed data reportedly included customers’ names, dates of birth, home addresses, and phone numbers.

Figure did not respond to a request for comment, and did not say whether it disputes Hunt’s assessment or the scale of the affected records.

The cybercrime group ShinyHunters claimed responsibility for the attack last week. The group posted around 2.5 gigabytes of data, reportedly stolen from Figur, to its leak site, where it routinely pressures victims by publishing data when extortion demands are not met.