700Credit, a U.S. fintech firm providing credit reporting and identity verification for automotive dealerships, suffered a data breach impacting approximately 5.8 million individuals.
Breach Timeline
Suspicious activity was detected on October 25, 2025, revealing unauthorized access to customer data collected from dealerships between May and October 2025. Attackers exploited a vulnerability in a third-party API after breaching an integration partner in July 2025, extracting about 20% of consumer records over two weeks before the API was terminated.The incident was confined to the 700Dealer.com application layer, with no impact on internal networks or operations.
Exposed Data
Hackers stole names, physical addresses, dates of birth, and Social Security numbers from vehicle dealership customers.
Company Response
700Credit engaged forensic experts, notified the FBI and FTC (filing consolidated notices on behalf of dealers), and is informing state attorneys general and affected consumers.The firm is offering 12 months of free credit monitoring via TransUnion and has coordinated with the National Automobile Dealers Association (NADA).No evidence of identity theft or fraud has emerged as of mid-December 2025.
Threat Implications
Michigan Attorney General Dana Nessel urged affected residents to freeze credit and monitor accounts, highlighting risks like potential fraud from exposed PII. No ransomware claims have surfaced, but victims should remain vigilant for phishing or misuse tied to automotive financing data. The breach underscores supply chain API risks in fintech, relevant for vulnerability management tracking.
