Fintech lending giant Figure confirms data breach

Figure Technology, a blockchain-based lending company, has confirmed a data breach.

On Friday, Figure spokesperson Alethea Jadick said in a statement that the incident began after an employee was deceived through a social engineering attack, which enabled hackers to steal "a limited number of files."

The company said it is currently communicating "with partners and those impacted," and is offering free credit monitoring "to all individuals who receive a notice."

Figure's spokesperson did not answer several follow-up questions seeking more detail about what data was accessed, how many people may be affected, or when the breach occurred.

The hacking group ShinyHunters claimed responsibility for the breach on its official dark web leak site. The group said Figure declined to pay a ransom and posted 2.5 gigabytes of data it claims was stolen from the company.

A member of ShinyHunters also said Figure was among multiple targets in a broader hacking campaign targeting organisations using Okta's single sign-on provider. Other alleged victims of that campaign include Harvard University and the University of Pennsylvania (UPenn).