Nearly 1 million user records have been compromised in a data breach at blockchain-powered lender Figure Technology Solutions.
The company confirmed to TechCrunch that it suffered a data breach after an employee fell victim to a social engineering attack, saying the attackers obtained a limited number of files.
The ShinyHunters hacker group took credit for the attack on Figure. On its Tor-based leak website the cybercrime group made available more than 2.4GB of archive files allegedly containing data stolen from the company.
The data breach notification service Have I Been Pwned has analyzed the leaked data and identified roughly 967,000 Figure user records.
The exposed information includes names, dates of birth, email addresses, postal addresses, and phone numbers.
Figure Technology Solutions is a Nasdaq-listed fintech firm specializing in blockchain-based home equity lending and mortgage services.
ShinyHunters told TechCrunch that Figure is one of the many victims of the recent Okta campaign, which involved voice phishing to target single sign-on (SSO) accounts that the hackers could leverage to access sensitive data.
The list of victims also includes Betterment, Crunchbase, and Panera Bread.
Related: ShinyHunters-Branded Extortion Activity Expands, Escalates
Related: Hackers Offer to Sell Millions of Eurail User Records
Related: Dior, Louis Vuitton, Tiffany Fined $25 Million in South Korea After Data Breaches
Related: Dutch Carrier Odido Discloses Data Breach Impacting 6 Million
