Figure Technology, a blockchain-based lending company, confirmed it experienced a data breach. On Friday, Figure spokesperson Alethea Jadick told TechCrunch in a statement that the breach originated when an employee was tricked with a social engineering attack. This allowed the hackers to steal a limited number of files.
The company stated it is communicating with partners and those impacted, and is offering free credit monitoring to all individuals who receive a notice. Figure’s spokesperson did not respond to a series of specific questions about the breach.
The hacking group ShinyHunters took responsibility for the hack on its official dark web leak website. The group stated the company refused to pay a ransom and published 2.5 gigabytes of allegedly stolen data. TechCrunch viewed a portion of the data, which included customers’ full names, home addresses, dates of birth, and phone numbers.
A member of ShinyHunters told TechCrunch that Figure was among the victims of a hacking campaign that targeted customers relying on the single sign-on provider Okta. Other victims of this campaign include Harvard University and the University of Pennsylvania.