#United States #Cybersecurity #Data Breach #North Carolina #Figure Lending

Figure Lending Corp Under Investigation for Data Breach

In a significant incident raising alarms about data security, Figure Lending Corp, a North Carolina-based financial technology company, is now facing an investigation into a massive data breach. This breach has reportedly compromised the sensitive information of approximately 967,000 users, including confidential details such as names, social security numbers, addresses, and loan account information.

Background of the Breach

The cyberattack, attributed to the notorious group ShinyHunters, took place around January 28, 2026. Reports indicate that ShinyHunters utilized sophisticated voice phishing techniques to infiltrate the organization's systems. Specifically, targets included employees of companies utilizing Okta single-sign-on (SSO) services, among which Figure was impacted. Following the breach, the hacker group threatened to release sensitive information unless a ransom was paid. After Figure declined to comply with their demands, approximately 2.5 gigabytes of data were leaked on February 13, 2026.

Despite the breach occurring in January, Figure did not inform those affected until February 24, 2026, raising concerns about compliance with state and federal notification laws. With names, contact information, social security numbers, and even loan account details compromised, individuals whose data was accessed are now at a heightened risk of identity theft and further privacy violations.

Implications for Figure Lending Corp

The implications of this breach for Figure Lending and its subsidiaries, which include Figure Lending LLC, Figure Markets Credit LLC, and Figure Payments Corporation, could be severe. Not only is the company facing legal scrutiny, but it may also incur significant financial penalties if found to have violated data protection regulations. Furthermore, this incident raises questions about the effectiveness of Figure's cybersecurity protocols and its overall risk management practices.

Schubert Jonckheer & Kolbe LLP is currently working to represent affected individuals, offering legal avenues for those whose information has been compromised. If you believe your personal data is among the breached records, it is crucial to assess potential risks and consider taking action, as there may be grounds for seeking compensation.

What Can Affected Users Do?

If you received a notification regarding this data breach, it is essential to remain vigilant about potential identity theft. Here are some steps you can take:

• - Monitor Your Accounts: Keep a close eye on your financial statements and bank accounts for any unauthorized transactions.
• - Set Up Fraud Alerts: Consider placing a fraud alert on your credit report to make it more difficult for identity thieves to open accounts in your name.
• - Check Your Credit Report: Regularly review your credit report for any unfamiliar accounts or inquiries.
• - Consider Identity Theft Protection Services: Numerous companies provide identity theft protection; these services can help mitigate some of the risks associated with data breaches.

Moving Forward

The breach at Figure Lending Corp is a stark reminder of the vulnerabilities present in widespread data management systems. As cybersecurity threats continue to evolve, companies must prioritize their data protection measures and ensure compliance with legal standards for notifying consumers about breaches. For those affected, awareness and proactive measures can make a significant difference in safeguarding their personal information.

For up-to-date information and potential legal recourse, impacted individuals can contact Schubert Jonckheer & Kolbe LLP or visit their website for more details. In today's digital age, maintaining the security of personal data is more crucial than ever.