Figure Lending Corp Reports Data Breach

Figure Lending Corp, a New York-based financial technology firm, reports a data breach following unauthorized access to its systems. The incident also affected subsidiaries Figure Lending LLC, Figure Markets Credit LLC, and Figure Payment Corporation.

Attackers gained access to Figure's systems on January 28, 2026, and ran unauthorized queries against databases that store loan and loan inquiry data.  The compromised data includes:

• Full names
• Social Security numbers
• Home addresses
• Dates of birth

The nature of the attack and the number of affected individuals is not disclosed. Figure claims that the breach did not involve unauthorized access to customer accounts or funds, and its business operations remained uninterrupted throughout the event.

Figure notified law enforcement and implemented enhanced security and monitoring controls to prevent future incidents. The company is mailing notification letters to affected individuals and providing 24 months of complimentary credit monitoring and identity restoration services.

Update - As of recent reports, the breach impacted approximately 967,200 accounts and was triggered by a social engineering attack targeting an employee. The cybercriminal group ShinyHunters has claimed responsibility for the incident. The scope of compromised data is now confirmed to include email addresses and phone numbers in addition to the sensitive info previously reported.