Figure Technology Solutions: 2.5GB Data Breach Exposes PII of 40k

On Feb. 13, 2026, Figure Technology Solutions, a San Francisco-based fintech company known for its blockchain-powered lending services, confirmed it experienced a data breach after hackers stole files containing sensitive customer information.

The breach was first disclosed after the hacking group ShinyHunters published 2.5 gigabytes of allegedly stolen data on a dark web leak site, claiming responsibility for the attack. According to a statement from Figure’s spokesperson, the incident began when an employee was targeted by a social engineering attack, which allowed unauthorized access to a limited number of files.

The threat actor ShinyHunters claimed Figure refused to pay a ransom, leading to the public release of the stolen information.

Starting on Feb. 23, 2026, the incident was disclosed to the California Attorney General, Indiana Attorney General, Massachusetts Office of Consumer Affairs and Business Regulation, New Hampshire Attorney General, Texas Attorney General and the Washington Attorney General.

According to the official disclosures, the breach has exposed names, addresses, dates of birth, phone numbers, Social Security numbers and financial information (e.g. account number, credit or debit card number, loan information).

The incident has affected 39,866 individuals, including 26,128 residents of Washington, 323 of Texas, 204 of Indiana, 146 of Massachusetts and 107 of New Hampshire.

Figure Technology Solutions' response

The company is offering free credit monitoring services to all individuals who receive a notification regarding the incident.

Given the nature of the breach, individuals who have received a notice should take the following steps:

• Enroll in the free credit monitoring service provided by Figure
• Monitor financial accounts and credit reports for suspicious activity
• Be cautious of unsolicited communications that reference the breach or request further personal information
• Consider placing a fraud alert or credit freeze with major credit bureaus

It is important for affected individuals to remain vigilant, as the publication of PII on the dark web can increase the risk of phishing attempts and identity theft.