Figure Technology Solutions disclosed a cybersecurity incident via SEC 8-K filing affecting approximately 1 million user records. No CVE has been assigned, attack vector and compromised data types are unconfirmed, and no public IOCs are available. Organizations with vendor, API integration, or data-sharing relationships with Figure should treat this as an active third-party exposure event pending scope clarification.