Public breachBreachXposedOrNot· 1 Jan 2026

FigureTechnology

Domain: figure.com

What happened

Figure, a fintech lending platform, had customer data publicly posted online in February 2026 after a social engineering attack, exposing around 1M unique email addresses along with names, phone numbers, physical addresses, and dates of birth.

Breach facts

Records exposed: 995,712
Sensitive: No
Industry: Finance
Data exposed: Email addressesNamesPhone numbersPhysical addressesDates of birth

Check my email →← All breaches

This page summarises publicly reported breach metadata for awareness. For account recovery or incident response, use the official guidance from the affected service.

Breach data provided by XposedOrNot.