NextFin News - Figure Technology Solutions, a prominent leader in blockchain-based lending and financial services, officially confirmed on Friday, February 13, 2026, that it has fallen victim to a targeted data breach. The incident, which originated from a sophisticated social engineering attack on a company employee, resulted in the unauthorized exfiltration of what the company describes as a "limited number of files." According to TechCrunch, the breach has exposed sensitive personal information of Figure’s clientele, including full names, home addresses, dates of birth, and telephone numbers.
The hacking collective known as ShinyHunters has claimed responsibility for the intrusion, asserting on its dark web leak site that Figure refused to comply with a ransom demand. To substantiate their claims, the group published approximately 2.5 gigabytes of stolen data. A member of ShinyHunters indicated that Figure was part of a broader campaign targeting organizations that utilize Okta as their single sign-on (SSO) provider. This same campaign reportedly impacted other high-profile institutions, including Harvard University and the University of Pennsylvania. In response, Figure spokesperson Alethea Jadick stated that the company is working closely with partners and affected individuals, offering free credit monitoring services to those whose data was compromised.
This breach serves as a stark reminder that even the most technologically advanced fintech firms—those built on the immutable and decentralized principles of blockchain—are not immune to the oldest trick in the cybercriminal playbook: human manipulation. While Figure’s core value proposition lies in using the Provenance Blockchain to streamline loan origination and equity management, the security of the underlying ledger does not protect against vulnerabilities in the administrative layer. The use of social engineering to bypass SSO protections demonstrates that the "human firewall" remains the weakest link in the financial technology ecosystem.
From an industry perspective, the targeting of Okta-dependent organizations suggests a strategic shift by threat actors like ShinyHunters. By focusing on identity providers, hackers can gain broad access to multiple enterprise environments through a single point of failure. For a company like Figure, which manages highly sensitive financial data for home equity lines of credit (HELOCs) and other lending products, the reputational risk is substantial. The exposure of 2.5 gigabytes of data may seem small compared to massive historical breaches, but in the context of high-stakes lending, the precision of the data—linking physical addresses to financial identities—is particularly dangerous for identity theft and targeted phishing.
The timing of this incident is also critical for the broader fintech sector. Under the current administration, U.S. President Trump has emphasized the importance of American leadership in financial innovation and digital assets. However, this push for deregulation and rapid growth must be balanced against the escalating threat landscape. As U.S. President Trump’s administration continues to shape the regulatory environment for blockchain firms, this breach may prompt the Federal Trade Commission (FTC) and other regulators to demand more rigorous multi-factor authentication (MFA) standards that go beyond traditional SMS or push-based notifications, which are increasingly susceptible to social engineering.
Looking forward, the Figure breach is likely to accelerate the adoption of "Zero Trust" architectures within the fintech space. Companies can no longer rely on the assumption that a user is legitimate simply because they have passed an SSO gateway. We expect to see a trend toward hardware-based security keys and behavioral biometrics that monitor for anomalous activity even after a user has logged in. Furthermore, as Jadick and the Figure team navigate the aftermath, the company’s ability to maintain its growth trajectory—following its successful 2025 public market activity—will depend on its transparency and the efficacy of its remedial measures. For the industry at large, the lesson is clear: blockchain secures the transaction, but only comprehensive, identity-centric security can protect the customer.
Explore more exclusive insights at nextfin.ai.
