Figure Lending Facing Class Action Lawsuit Over February 2026 Data Breach

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action lawsuit alleges that Figure Lending failed to implement reasonable cybersecurity measures to protect sensitive customer information prior to a February 2026 cyberattack that the fintech mortgage company apparently failed to timely report.

Get class action lawsuit and class action settlement news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter.

The 46-page data breach lawsuit contends that Figure Lending, described as the “nation’s largest non-bank provider of home equity lines of credit,” did not fulfill its duty to safeguard borrowers’ data from unauthorized access. Per the lawsuit, a targeted cyberattack discovered by the defendant on or around February 14, 2026 impacted “a litany of highly sensitive personal information,” including, at least, full names, home addresses, dates of birth and phone numbers.

According to the complaint, the prolific hacking group called ShinyHunters claimed responsibility for the data breach and reportedly posted to the dark web 2.5 gigabytes of stolen data that was allegedly obtained through a social engineering attack that tricked a Figure Lending employee.

However, the case maintains that the Figure Lending data breach was preventable and that the defendant’s failure to follow industry-standard cybersecurity guidelines, including those outlined by the Federal Trade Commission, rendered borrowers’ personal identifiable information (PII) an “easy target” for cybercriminals.

“PII is highly valuable, and Defendant knew, or should have known, the risk in obtaining, using, handling, emailing, and storing the PII of Plaintiff and Class Members’ [sic] and the importance of exercising reasonable care in handling it,” the filing reads. “Defendant improperly and inadequately safeguarded the PII of Plaintiff and the Class in deviation of standard industry rules, regulations, and practices at the time of the Data Breach.”

The lawsuit argues that consumers who handed over their information to Figure Lending in order to obtain its services, such as home equity lines of credit and crypto-backed loans, expected that their data would be fully protected and disclosed only under authorized circumstances.

Related Reading: Class Action Lawsuit Claims Figure Lending Misled Borrowers, Misrepresented Loans as HELOCs

Consumers lost their end of the bargain, the case claims, as they were left to deal with “widespread injury and monetary damages” after their data was not safeguarded in accordance with Figure Lending’s own privacy policy and state and federal law. Potential data breach-related damages include exposure to a heightened risk of identity theft, fraud, the costs of credit monitoring and credit fees, and the diminished value of their privacy and personal data, the case adds.

Furthermore, the filing contends that Figure Lending’s cybersecurity failures were compounded by its failure to promptly disclose the breach to those who were impacted, as the company effectively kept consumers “in the dark” about the imminent risk of breach-related injury and deprived them of any opportunity to mitigate damages.

Per the complaint, Figure Lending has confirmed the data breach to external third parties such as newsrooms, claiming it only affected a “limited number of files,” and is offering free credit monitoring services only to those who received a notice.

 The case shares that these remedies only cover “some victims” and are “wholly insufficient” to compensate the scope of damages that punitive class members face.

Cybersecurity publication Bleeping Computer has reported that the Figure Lending data breach, according to Have I Been Pwned, impacted nearly one million accounts.

The Figure Lending data breach lawsuit seeks to represent all United States residents whose personally identifiable information was compromised in the February 2026 Figure Lending data breach, including all who received a notice of the breach.

Want to learn how to start a class action lawsuit? We’ve got you covered.