Figure Technology, a U.S. fintech company known for its blockchain-based lending and financial products, has publicly confirmed that it suffered a data breach earlier this month after an employee was targeted by a phishing attack.

According to the company, the breach occurred when hackers used social engineering techniques to deceive an employee and gain access to internal systems. This “phishing” attack—where attackers pose as legitimate contacts to trick staff into revealing credentials or access—allowed unauthorized parties to steal a limited number of files from Figure’s internal systems.

Once the intrusion was discovered, Figure initiated its incident response process and began notifying potentially affected parties. The company is also offering free credit monitoring services to individuals who receive notification letters, in an effort to mitigate the risk of identity theft and other fallout from the exposure.

Although Figure has not disclosed the total number of affected customers or exactly when the breach was first detected, reviewers of leaked sample files have indicated that personally identifiable information (PII)—such as names, addresses, dates of birth and phone numbers—may have been included in the accessed data. That kind of information, if misused, can fuel identity fraud or further phishing campaigns.

In addition to the company’s own notices, the ShinyHunters cybercrime group claimed responsibility for the breach on dark web forums, stating that it published roughly 2.5 GB of stolen data after Figure refused to pay an extortion demand. Such behavior has been associated with organized data theft operations where attackers exfiltrate sensitive files and then pressure victims to pay a ransom, sometimes leaking data publicly when demands aren’t met.

The incident underscores the persistent risks that social engineering poses to even well-funded or security-focused companies. Phishing attacks often target human trust and error rather than technical vulnerabilities, making staff awareness and training a crucial line of defense in modern cybersecurity. Analysts note that as financial firms increasingly adopt digital and remote workflows, attackers continue to refine their tactics to exploit employees and third-party partners.

Figure has stated that it is cooperating with partners and regulators as investigations continue. The company has not yet released a detailed timeline of the breach or a full list of affected systems, but the ongoing notifications and monitoring services aim to help consumers protect themselves in the wake of the incident.