Company Disclosure And Initial Details
Figure Technology, a blockchain based lending company, confirmed it suffered a data breach, according to a statement shared with TechCrunch on Friday. The company’s spokesperson, Alethea Jadick, said the incident began when an employee was targeted in a social engineering attack, which allowed attackers to steal “a limited number of files.” The company said it is communicating with partners and affected individuals and is offering free credit monitoring to everyone who receives a notice about the breach. Figure did not answer a series of follow up questions about the scope of the incident.
Claims By The Hacking Group
The hacking group ShinyHunters claimed responsibility for the breach on its dark web leak site. The group said Figure refused to pay a ransom and said it published 2.5 gigabytes of data it described as stolen from the company. TechCrunch reviewed a portion of the material, which included customers’ full names, home addresses, dates of birth, and phone numbers.
Connection To A Wider Campaign
A member of ShinyHunters told TechCrunch that Figure was one of several victims in a hacking campaign that targeted organizations using the single sign on provider Okta. The same source said other victims of that campaign include Harvard University and the University of Pennsylvania.
Company Response And Next Steps
Figure said it is notifying affected parties and providing credit monitoring services. The company did not provide details about how many people were affected or what specific files were taken, beyond saying the number of files was limited. The spokesperson did not respond to additional questions about the breach, including whether any systems beyond the employee’s account were accessed.
Featured image credits: Pickpik
For more stories like it, click the +Follow button at the top of this page to follow us.