Fintech lending giant Figure confirms data breach

Figure Technology confirmed a data breach due to a social engineering attack, resulting in stolen files containing sensitive customer information. The hacking group ShinyHunters claimed responsibility and published part of the data after Figure refused to pay a ransom. The company is providing free credit monitoring to affected individuals and is collaborating with partners to address the fallout.

Key Points

• Figure Technology confirmed a data breach that involved social engineering targeting an employee.
• The hack was executed by the group ShinyHunters, who claims Figure refused to pay a ransom.
• Approximately 2.5 gigabytes of data was released, including sensitive customer information such as names, addresses, birth dates, and phone numbers.
• The attack was part of a larger campaign affecting other organizations using Okta, including Harvard University and UPenn.
• Figure is offering free credit monitoring to those impacted and is working with partners to resolve the issue.

Relevance

• Data breaches are increasingly common in the fintech sector, reflecting broader concerns about cybersecurity.
• The use of social engineering exploits underlines the need for enhanced employee training and security measures.
• Similar data breaches have affected other institutions, revealing weaknesses in third-party software like single sign-on providers.

The breach underscores the vulnerability of fintech institutions to cyber threats and emphasizes the necessity for robust security protocols to protect sensitive customer information.