Hackers Leak Figure Customer Data After Social Engineering Breach
Figure confirms a customer data breach after hackers used social engineering, exposing personal information but no financial assets.
Quick Take
Summary is AI generated, newsroom reviewed.
Figure confirmed a customer data breach caused by social engineering
Hackers accessed personal information, not funds or financial accounts
ShinyHunters leaked data after Figure refused to pay a ransom
The attack reflects growing human-layer risks in crypto security
According to Coin Bureau, blockchain lending firm Figure Technologies confirmed a customer data breach following a targeted social engineering attack. Hackers did not exploit smart contracts or infrastructure. Instead, they manipulated an employee into granting access. As a result, attackers obtained sensitive customer information through compromised internal credentials.
⚠️HACKERS LEAK FIGURE CUSTOMER INFORMATION
— Coin Bureau (@coinbureau) February 14, 2026
Figure confirmed hackers accessed customer data after an employee was targeted in a social engineering attack.
The hacking group ShinyHunters says Figure refused to pay a ransom, exposing names, addresses, birth dates & phone numbers. pic.twitter.com/xq0nwzYlGU
Importantly, the breach did not involve financial losses or fund theft. However, the leaked information remains serious. Exposed data includes customer names, home addresses, birth dates, and phone numbers. While no bank details or crypto balances were accessed, this type of personally identifiable information still carries long-term risks. Identity theft and phishing attempts often follow such disclosures.
ShinyHunters Escalates After Ransom Refusal
The hacking group ShinyHunters publicly claimed responsibility for the attack. After Figure refused to pay a ransom, the group released the data online. This approach fits a familiar pattern. ShinyHunters has repeatedly targeted fintech platforms, leaking stolen data when extortion efforts fail. Therefore, this breach reflects pressure tactics rather than a one-off incident.
This incident highlights a growing weakness across crypto and fintech companies. Technical defenses continue to improve, yet human vulnerability remains a critical attack surface. In fact, research from Verizon shows that social engineering plays a role in the majority of modern data breaches. Attackers increasingly bypass code and instead exploit trust, urgency, and misinformation.
What This Means for Crypto Users
For customers, the risks do not end with confirmation statements. Stolen personal data can circulate for years. Consequently, security experts recommend monitoring credit activity and remaining cautious about unsolicited communications. Meanwhile, for crypto firms, the message is clear. Strong security systems mean little without continuous employee training and internal access controls.
As crypto adoption grows, attackers shift focus from exploits to extortion. This breach reinforces that reality. Regulation, compliance, and public trust all depend on data protection. Therefore, incidents like this raise broader questions about operational maturity across the industry.
References
Follow us on Google News
Get the latest crypto insights and updates.
