Fintech lending powerhouse Figure Technology has confirmed a significant data breach, sending ripples through the financial technology sector. The blockchain-based lending company disclosed that the incident stemmed from a sophisticated social engineering attack, which successfully tricked an employee and led to the compromise of “a limited number of files.”
ShinyHunters Claims Credit Amid Ransom Dispute
The notorious hacking collective ShinyHunters has publicly claimed responsibility for the breach. On its dark web leak site, the group asserted that Figure Technology refused to meet its ransom demands, prompting the publication of approximately 2.5 gigabytes of allegedly stolen data.
An examination of a portion of the leaked data reveals sensitive customer information, including full names, home addresses, dates of birth, and phone numbers. This exposure raises serious privacy concerns for Figure’s clientele.
Social Engineering and the Okta Connection
Figure’s spokesperson, Alethea Jadick, confirmed to TechCrunch that the breach originated from a social engineering attack. While Figure has stated it is “communicating with partners and those impacted” and offering free credit monitoring to affected individuals, the company has remained tight-lipped regarding specific details of the breach.
Intriguingly, a member of ShinyHunters indicated that Figure was just one target in a wider hacking campaign. This campaign reportedly focused on organizations that rely on the single sign-on (SSO) provider Okta. Other high-profile institutions, including Harvard University and the University of Pennsylvania (UPenn), have also been identified as victims of this broader Okta-related compromise, suggesting a systemic vulnerability exploited by the attackers.
What’s Next for Figure and Its Customers?
As Figure navigates the aftermath of this security incident, the focus will be on the extent of the data compromise and the measures taken to prevent future attacks. For customers, vigilance is paramount. The offer of free credit monitoring is a standard response, but individuals should also consider additional steps to protect their identities, given the nature of the exposed personal information.
The incident serves as a stark reminder of the persistent threat of social engineering and the critical importance of robust cybersecurity defenses, particularly for companies handling sensitive financial data and those integrating third-party authentication services like Okta.
For more details, visit our website.
Source: Link
Leave a comment