Cyber Incident Victim: Figure

On January 28, 2026, Figure Technology experienced an incident where personal data was accessed via database queries involving loan and inquiry records. Figure Lending Corp. discovered that personal information was retrieved by querying company databases containing records of loans and loan inquiries. Following an investigation, they determined that certain personal data may have been acquired, including names, Social Security numbers, addresses, phone numbers, email addresses, dates of birth, loan account numbers, and loan information. The breach affected nearly 1 million users, as indicated in the title of the press release. The incident was disclosed to the public in a press release dated April 9, 2026.

The exposed data places affected individuals at increased risk of identity theft and fraud. Edelson Lechtzin LLP, a national class action law firm, is actively investigating data privacy claims arising from the Figure Lending Corp. data breach. The firm is pursuing a class action seeking legal remedies for individuals whose sensitive personal data may have been compromised. Figure Lending Corp. has undertaken an investigation to determine the scope of the unauthorized access and has notified affected individuals of the breach.

Figure Lending Corp. operates as a fintech firm using blockchain technology to offer quick home equity loans, refinancing, and crypto-backed lending services. The breach involved database queries targeting loan and inquiry records. No further details about attacker identity, method beyond queries, or containment measures are provided in the source material.