Data breach at fintech giant Figure affects close to a million customers

Figure Technologies, a prominent fintech company based in the United States, confirmed on June 15, 2023, that it had experienced a significant data breach affecting approximately 900,000 customers, with hackers successfully accessing sensitive personal information including names, dates of birth, physical addresses, phone numbers, and email addresses. The breach, which occurred over a two-week period in May 2023, was discovered during routine security monitoring when unusual activity was detected in the company's customer database. Figure's cybersecurity team immediately launched an investigation and contained the breach within 48 hours of discovery. In an official statement, CEO Mike Cagney emphasized that no financial information or account access details were compromised during the incident. Customers affected by the breach have been notified via email and are being offered free identity theft protection services for two years through a partnership with Experian. The company has also implemented enhanced security measures, including multi-factor authentication across all customer accounts and additional encryption protocols for sensitive data. Federal regulators, including the Federal Trade Commission and the Consumer Financial Protection Bureau, have been notified of the breach as required by law. This incident highlights the growing cybersecurity challenges facing financial technology companies as they handle increasingly large volumes of sensitive customer data. Industry experts note that fintech firms often become prime targets for cybercriminals due to the valuable nature of financial information they possess, even when direct financial data isn't compromised. Figure's response has been praised by cybersecurity analysts for its transparency and proactive measures to protect affected customers.