Figure — 967K accounts
Severity: Medium · Kind: Data breach
We've ingested this item but haven't summarised it yet. Read the upstream advisory using the link below in the meantime — the AI summary will appear here once the next run completes.
From the source
In February 2026, data obtained from the fintech lending platform Figure was publicly posted online . The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of birth. Figure confirmed the incident and attributed it to a social engineering attack in which an employee was tricked into providing access.
Breach facts
- Accounts affected
- 967,178
- Verified
- Yes
- Sensitive
- No
- Domain
- figure.com
- Data exposed
- Dates of birthEmail addressesNamesPhone numbersPhysical addresses
Was this useful?
Plain-English summaries are AI-generated and reviewed for tone, not technical accuracy. For incident response, always rely on the original source linked above.