Schubert Jonckheer & Kolbe LLP is investigating a data breach that led to unauthorized access to the sensitive information of at least 967,000 users of Figure Lending Corp and its subsidiaries Figure Lending LLC, Figure Markets Credit LLC, and Figure Payments Corporation (together, “Figure”). Figure is a North Carolina-based financial technology company that provides home equity lines of credit, refinancing, and cryptocurrency-based loans. Figure also provides technology and loan administrative services to other lenders and business partners.

On or around January 28, 2026, the cybercriminal group ShinyHunters used voice phishing techniques to target employees and exfiltrate data from organizations that use Okta single-sign-on (SSO) environments, such as Figure. On or around February 13, 2026, ShinyHunters leaked 2.5 gigabytes of compressed files after Figure did not pay the requested ransom. That same day, Figure confirmed the cyberattack. According to the data breach service Have I Been Pwned, 967,000 Figure user records were compromised.

Although the breach occurred in January 2026, Figure did not notify impacted individuals until February 24, 2026, which may have violated state and federal laws. The following data may have been compromised in the breach: names, Social Security numbers, addresses, phone numbers, emails, dates of birth, loan account numbers, and loan information.

If your personal information was impacted by this incident, you may be at risk of identity theft and other serious violations of your privacy. As a result, you may be entitled to money damages and an injunction requiring changes to Figure’s cybersecurity practices.

If you received notification of this data breach or are affiliated with Figure and wish to obtain additional information about your legal rights, fill out the form below.