- Figure technology breached via phishing attack, exposing customer data
- ShinyHunters claimed responsibility and leaked names, addresses, DOBs and phone numbers
- Company that offers protection against identity theft; vishing risk increased by GenAI and deepfake voting tools
Blockchain lending company Figure Technology has confirmed that it has suffered a cyber attack and lost sensitive data on an as yet undisclosed number of its customers.
Figure is a US-based fintech company that operates its own blockchain, where it originates and raises loans (primarily private equity lines of credit), allegedly with faster funding and lower operating costs compared to traditional systems.
The company also operates marketplaces that allow financial institutions to buy and sell tokenized loans and other real-world assets.
ShinyHunters strikes again
The company told TechCrunch it was breached when one of its employees fell for a phishing attack and gave attackers access to its systems. Once inside, the crooks managed to steal a “limited number of files”.
As is standard practice in these cases, Figure said it was working to resolve the issue and is now offering free identity theft and credit monitoring to affected individuals.
While Figure did not share how many people were affected or what kind of records were taken, the publication found that ShinyHunters took responsibility. ShinyHunters is one of the most active ransomware groups these days, which does not implement an encryption, but instead focuses on data exfiltration and demands payment in exchange for deleting the files.
The group usually puts a sample on its dark web data leak site to prove the authenticity of its claims and pressure the victim to pay. Having said that, TechCrunch claims the data includes people’s full names, postal addresses, dates of birth and phone numbers.
It doesn’t appear that email addresses were captured, so phishing attacks are probably off the table. However, vishing (voice phishing) can be a real concern, and with the spread of generative artificial intelligence (GenAI) and deepfakes, voice attacks have become more frequent and successful.
Quoting a member of the hacking team, TechCrunch said figure was among the companies breached via the Okta single sign-on incident.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
