Figure Lending Corp Data Breach

Recently, Figure Lending Corp (“Figure”), along with its subsidiaries Figure Lending LLC, Figure Markets Credit LLC, and Figure Payments Corporation, detected unauthorized activity on internal systems. According to the company’s notice, Figure acted quickly to stop the activity, enhance security measures, and engage a leading cybersecurity firm to investigate the incident. The company also reported the event to law enforcement and is fully cooperating with authorities.

The investigation determined that on January 28, 2026, data containing personal information was obtained through unauthorized queries on company databases used for loan and loan‑inquiry data. Figure reports no evidence of unauthorized access to customer accounts or funds, and business operations remain unaffected. The company also stated that account safeguards remain active and continuously monitored. Notification letters are being issued directly to affected individuals.

Figure Lending is a technology‑driven lender specializing in blockchain‑enabled home equity lines of credit and refinancing, crypto‑backed loans, and loan administration services for business partner lenders.

Figure is offering two years of complimentary credit monitoring and identity restoration services through TransUnion, including access to credit monitoring tools and identity theft resolution support. Impacted individuals received enrollment instructions, activation codes, and an enrollment deadline of May 31, 2026.

The company advised recipients to remain vigilant by reviewing account statements, monitoring credit reports, and reporting suspicious activity. Additional steps—such as fraud alerts, credit freezes, and contacting consumer protection agencies—were included in the attachments titled “Attachment A” and “Attachment B” in the notification package.

If you received a Data Breach Notification Letter from Figure, it confirms that your information was potentially impacted.

What information is involved in the Figure Lending Corp Data Breach?

Compromised information may include:

Your Personally Identifiable Information (PII) includes data that can uniquely identify you. When such information is exposed, individuals face increased risks of identity theft, including fraudulent account creation, impersonation attempts, and other misuse.

A specific category of PII is Protected Health Information (PHI). While the Figure notice does not indicate PHI exposure, any sensitive data within loan‑related documentation can still increase identity theft risk and requires protection under state and federal law.

Figure has recommended that affected individuals enroll in the free TransUnion monitoring services, continue to monitor financial accounts, and take protective steps such as placing fraud alerts or credit freezes. Additional instructions—along with contact information for the three major credit bureaus—were provided in the notification letter and attachments.

Residents of California benefit from additional privacy protections under the California Consumer Privacy Act (CCPA), which grants enhanced rights regarding personal data. California residents also benefit from enhanced medical privacy protections under the Confidentiality of Medical Information Act (CMIA).

If you received a NOTICE OF DATA BREACH letter from Figure, your personal information may be at risk and could be misused for identity theft or fraud.

Contact the Data Breach Attorneys at Emery | Reddy today for a Free Case Review.