- Figure Technology compromised through a phishing attack, exposing customer data
- ShinyHunters claimed responsibility and leaked names, addresses, date of birth and phone numbers.
- Company that offers protection against identity theft; Vishing risk increased by GenAI and deepfake voice tools
Blockchain lending company Figure Technology has confirmed that it suffered a cyberattack and lost confidential data of an as yet undisclosed number of its clients.
Figure is a US-based fintech company that operates its own blockchain, where it originates and records loans (primarily home equity lines of credit), reportedly with faster funding and lower operating costs compared to traditional systems.
The company also operates marketplaces that allow financial institutions to buy and sell tokenized loans and other real-world assets.
ShinyHunters strikes again
The company said TechCrunch was breached when one of its employees fell for a phishing attack and gave the attackers access to its systems. Once inside, the criminals managed to steal a “limited number of files.”
As is common practice in these cases, Figure said it was working to address the issue and is now offering free identity theft and credit monitoring to affected people.
While Figure did not share how many people were affected or what type of records were taken, the publication found ShinyHunters taking responsibility. ShinyHunters is one of the most active ransomware groups these days, which does not deploy an encryptor, but instead focuses on data exfiltration and demands payment in exchange for deleting files.
The group often posts a sample on its dark web data leak site, to prove the authenticity of its claims and pressure the victim to pay. That said, TechCrunch claims that the data includes people’s full names, postal addresses, dates of birth and telephone numbers.
It doesn’t appear that email addresses have been captured, so phishing attacks are probably ruled out. However, vishing (voice phishing) could be a real concern, and with the proliferation of Generative Artificial Intelligence (GenAI) and deepfakes, voice attacks have become more frequent and successful.
Quoting a member of the hacking team, TechCrunch said Figure was among the companies affected through the Okta single sign-on incident.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
