Figure Technology said an employee was socially engineered, allowing an actor to download a limited set of files. The hacking group ShinyHunters claimed responsibility and said it published 2.5 GB of data; TechCrunch reviewed files that allegedly included full names, home addresses, dates of birth and phone numbers. Figure said it blocked the activity, retained a forensic firm, is notifying affected parties, and is offering complimentary credit monitoring. The breach was linked to a broader campaign targeting Okta single sign-on and comes as Figure — which went public in Sept. 2025 under ticker FIGR — announced a proposed secondary offering and share repurchase plan.

Employee was socially engineered and an actor downloaded files containing alleged PII (names, addresses, DOBs, phone numbers); the threat actor ShinyHunters claims to have published 2.5 GB of data; company engaged a forensic firm, is notifying affected parties and offering credit monitoring; incident is linked to a broader Okta SSO campaign and coincides with a proposed secondary offering and buyback plan.