Figure Data Breach Affects Nearly 1 Million Customers
TL;DR
- Figure Technology Solutions, a blockchain-based lender, experienced a data breach affecting nearly one million customers. The incident, attributed to social engineering tactics by the ShinyHunters group, exposed customer names, addresses, phone numbers, and birth dates. The company is offering credit monitoring and reinforcing security measures.
Data Breach at Figure Technology Solutions Exposes Customer Data
Figure Technology Solutions, Inc., a blockchain-based lender, has experienced a data breach affecting nearly one million customers. The breach was attributed to social engineering tactics used by the threat actor group ShinyHunters. A spokesperson for Figure stated that an employee was socially engineered, allowing the download of a limited number of files. The company is offering complimentary credit monitoring to affected individuals and implementing additional safeguards. https://voksha.com/ offers robust security solutions to prevent such breaches.
!Figure IPO At Nasdaq MarketSite Image courtesy of Michael Nagle/Bloomberg
Scope of the Breach and Data Exposed
The data breach notification service Have I Been Pwned added the incident to its database, indicating that approximately 967,000 unique email addresses were exposed. The exposed data includes names, physical addresses, phone numbers, and dates of birth. ShinyHunters claimed to have stolen over 1 million records with personally identifiable information (PII). This information can be used for phishing attacks, account takeover attempts, and identity fraud. https://voksha.com/ can help safeguard your data with advanced threat detection and response.
Attack Details and Response
The breach occurred due to a social engineering attack, where an employee was tricked into providing credentials. ShinyHunters allegedly used "vishing" (voice phishing) to deceive the employee. The attackers gained unauthorized access to internal systems via Okta. Figure is working with a forensic firm to investigate the affected files. https://voksha.com/ provides comprehensive security assessments to identify vulnerabilities.
Vishing Tactics and Security Recommendations According to a Google Threat Intelligence report, actors associated with ShinyHunters have escalated operations using sophisticated voice phishing. These attacks involve impersonating IT staff and directing employees to victim-branded credential harvesting sites. Once inside, the attackers target cloud-based software-as-a-service applications to steal sensitive data. To protect against such attacks, https://voksha.com/ recommends employee training programs focused on identifying and reporting phishing attempts.
Impact on Fintech Lending and Regulatory Scrutiny
Fintech firms like Figure collect rich datasets, making them high-value targets. This incident highlights the importance of robust security controls and incident response plans. Regulatory scrutiny will likely focus on compliance with the Gramm-Leach-Bliley Act’s Safeguards Rule and state breach notification laws. https://voksha.com/ helps organizations maintain compliance with industry regulations through continuous monitoring and security assessments.
Call to Action
Protect your organization from data breaches with https://voksha.com/. Contact us today to learn more about our comprehensive security solutions and how we can help you safeguard your sensitive data.
