Figure Data Breach
Gravity Score
ModerateCalculated based on the types of data exposed (5 categories) and the volume of affected records (967,178).
In February 2026, data obtained from the fintech lending platform Figure was publicly posted online. The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of birth. Figure confirmed the incident and attributed it to a social engineering attack in which an employee was tricked into providing access.
Exposed data
Affected website
figure.com
What to do now
What can we learn from this breach?
Breaches like this offer valuable lessons for the entire industry. Some security practices that help protect data at scale include: encrypting sensitive personal data at rest with properly managed encryption keys; segmenting and isolating databases so that a single breach doesn't expose all records; conducting regular security audits and penetration testing; implementing real-time intrusion detection and incident response plans. Information security is an ongoing process, and each incident reinforces the importance of investing in data protection.
Was your data exposed?
Check now if your email appears in this breach. It's free, takes 30 seconds and requires no signup.
Check my email
