Figure Data Breach

27/01/2026 · 967,178 records · moderate risk

0 /100

Gravity Score

Critical

Calculated based on the types of data exposed (5 categories) and the volume of affected records (967,178).

Information linked to the lending fintech Figure was posted publicly, with records dating back to January 2026. The company confirmed the incident and said it stemmed from a social engineering event where an employee was tricked into granting access.

The exposed dataset includes over 900,000 unique email addresses together with names, phone numbers, physical addresses, and dates of birth. These details can identify customers and be reused in identity based scams.

Exposed data

Dates of birth Email addresses Names Phone numbers Physical addresses

What to do based on this breach

Be wary of loan related outreach that asks you to confirm your date of birth and address as “verification”

Enable credit monitoring and review credit inquiries in your name where available, given the combined personal details

Add a carrier PIN or port out lock with your mobile provider if available to reduce SIM swap risk

Ask Figure under applicable privacy rights to confirm what was exposed and how you can obtain a copy of your personal data

What can we learn from this breach?

Social engineering incidents show security is not only technology, it is also process and training. When dates of birth, addresses, and phone numbers are exposed, identity scams become easier, so organizations should strengthen internal identity checks, require approvals for access, and keep continuous training to prevent a single mistake from turning into a major leak.

Was your data exposed?

Check now if your email appears in this breach. It's free, takes 30 seconds and requires no signup.

Check my email

Related breaches

Canadian Tire

01/10/2025 38,306,562 records high risk

5 data types in common

Odido

11/02/2026 6,077,025 records high risk

5 data types in common

← All breaches