Nearly 1 Million User Records Compromised in Figure Data Breach

ShinyHunters told TechCrunch that Figure is one of the many victims of the recentOkta campaign, which involved voice phishing to target single sign-on (SSO) accounts that the hackers could leverage to access sensitive data.The list of victims also includesBetterment,Crunchbase, andPanera Bread.Related:ShinyHunters-Branded Extortion Activity Expands, EscalatesRelated:Hackers Offer to Sell Millions of Eurail User RecordsRelated:Dior, Louis Vuitton, Tiffany Fined $25 Million in South Korea After Data BreachesRelated:Dutch Carrier Odido Discloses Data Breach Impacting 6 Million

The list of victims also includesBetterment,Crunchbase, andPanera Bread.Related:ShinyHunters-Branded Extortion Activity Expands, EscalatesRelated:Hackers Offer to Sell Millions of Eurail User RecordsRelated:Dior, Louis Vuitton, Tiffany Fined $25 Million in South Korea After Data BreachesRelated:Dutch Carrier Odido Discloses Data Breach Impacting 6 Million

Related:ShinyHunters-Branded Extortion Activity Expands, EscalatesRelated:Hackers Offer to Sell Millions of Eurail User RecordsRelated:Dior, Louis Vuitton, Tiffany Fined $25 Million in South Korea After Data BreachesRelated:Dutch Carrier Odido Discloses Data Breach Impacting 6 Million

Related:Hackers Offer to Sell Millions of Eurail User RecordsRelated:Dior, Louis Vuitton, Tiffany Fined $25 Million in South Korea After Data BreachesRelated:Dutch Carrier Odido Discloses Data Breach Impacting 6 Million

Related:Dior, Louis Vuitton, Tiffany Fined $25 Million in South Korea After Data BreachesRelated:Dutch Carrier Odido Discloses Data Breach Impacting 6 Million

Related:Dutch Carrier Odido Discloses Data Breach Impacting 6 Million

Eduard Kovacs (@EduardKovacs) is the managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Attendees will walk away with guidance for how to build robust identity defenses, unify them under a consistent security model, and ensure business operations move quickly without compromise.

SecurityWeek’s 2026 Ransomware Summit will discuss a roadmap for defending the enterprise, from mitigating root causes to mastering recovery, giving security teams the critical insights needed to navigate and neutralize today’s ransomware extortion threats.

Cyera has appointed Brandon Sweeney as President, Shira Azran as Chief Legal Officer and Joseph Iantosca as Chief Financial Officer.

Source: SecurityWeek