- Figure Technology hacked via phishing attack, exposing customer data
- ShinyHunters claimed responsibility, disclosing names, addresses, dates of birth and phone numbers
- Company offering identity theft protection; risk of vishing increased by GenAI and deepfake voice tools
Blockchain lending company Figure Technology has confirmed that it suffered a cyberattack and lost sensitive data on an as yet undisclosed number of its customers.
Figure is a US-based financial technology company that operates its own blockchain, where it originates and records loans (primarily home equity lines of credit), allegedly with faster funding and lower operational costs compared to traditional systems.
The company also operates marketplaces that allow financial institutions to buy and sell tokenized loans and other real-world assets.
The ShinyHunters strike again
The company said TechCrunch it was breached when one of its employees fell victim to a phishing attack and gave the attackers access to its systems. Once inside, the crooks managed to steal a “limited number of files.”
As is standard practice in these cases, Figure said it is working to resolve the issue and is now offering free identity theft and credit monitoring to those affected.
Although Figure did not say how many people were affected or what type of data was taken, the publication believed that ShinyHunters took responsibility. ShinyHunters is one of the most active ransomware groups today, which does not deploy an encryptor, but instead focuses on data exfiltration and demands payment in exchange for file deletion.
The group typically posts a sample on its dark web data leak site, to prove the authenticity of its claims and pressure the victim to pay. That being said, TechCrunch claims the data includes people’s full names, postal addresses, dates of birth and telephone numbers.
It does not appear that email addresses were intercepted, so phishing attacks are probably ruled out. However, vishing could be a real concern, and with the proliferation of generative artificial intelligence (GenAI) and deepfakes, voice attacks have become more frequent and more effective.
Quoting a member of the hacking team, TechCrunch said Figure was among the companies breached via the Okta single sign-on incident.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
