CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

700Credit Data Breach Exposes 5.8 Million Records via Compromised API

First reported
Last updated
3 unique sources, 3 articles

Summary

Hide ▲

700Credit, a major credit report and identity verification service, disclosed a data breach affecting 5,836,521 individuals. The breach, linked to a compromised third-party API, occurred between May and October 2025. Hackers accessed personal information, including names, addresses, dates of birth, and Social Security numbers, through a partner's system compromised in July 2025. The incident was contained to the 700Dealer.com application layer, and the company is offering affected individuals 12 months of free credit monitoring and identity restoration services. 700Credit began notifying impacted dealership clients on November 21 and will notify affected individuals starting December 22. The company has collaborated with the National Automobile Dealers Association (NADA) and reported the incident to the Federal Trade Commission (FTC), FBI, and various state attorney general offices. 700Credit serves over 23,000 automotive, RV, Powersports, and Marine dealer customers. The breach was due to a failure to validate consumer reference IDs against the original requester, and the attacker exfiltrated around 20% of consumer data. 700Credit revealed the breach in a notification to the Maine Office of the Attorney General (OAG) and advised affected customers to place a fraud alert and security freeze on their credit file.

Timeline

  1. 15.12.2025 11:21 3 articles · 2d ago

    700Credit Data Breach Disclosed, Impacting 5.8 Million Individuals

    700Credit disclosed a data breach affecting 5,836,521 individuals, identified on October 25, 2025. The breach involved a compromised third-party API linked to the 700Credit web application, with hackers accessing personal information collected from dealers between May and October 2025. The company began notifying impacted dealership clients on November 21 and will notify affected individuals starting December 22. 700Credit is providing 12 months of free credit monitoring and identity restoration services to affected individuals. The breach was due to a failure to validate consumer reference IDs against the original requester, and the attacker exfiltrated around 20% of consumer data. 700Credit serves over 23,000 automotive, RV, Powersports, and Marine dealer customers. The breach notification was republished on the Maine OAG site, confirming unauthorized access to certain records in the web application.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Conduent Data Breach Affects Millions

Conduent, a business services provider, has confirmed that a data breach in 2024 impacted over 10.5 million individuals. The breach, initially disclosed in January 2025, affected government agencies in multiple US states. The attackers accessed Conduent's network on October 21, 2024, and were evicted on January 13, 2025. The compromised data includes names, addresses, dates of birth, Social Security numbers, health insurance details, and medical information. Conduent serves over 600 government and transportation organizations, and roughly half of Fortune 100 companies. The company has not provided an exact number of affected individuals, but breach notices indicate at least 10.5 million people were impacted, with the largest number in Oregon (10.5 million) and over 4 million in Texas. The Safepay ransomware group claimed responsibility for the attack in February 2025 and claimed to have stolen 8.5TB of data. Conduent provides services to several other states where specific data breach figures aren't published, potentially increasing the actual impact. As of October 24, 2025, there is no evidence that the stolen data has been misused.

Open in new tab

Merkle Breach Exposes Employee and Client Data

Merkle, a US-based subsidiary of Dentsu, experienced a cyberattack resulting in the theft of sensitive employee and client data. The breach was detected through unusual network activity, prompting an incident response and investigation. The stolen data includes bank details, payroll information, and personal contact details. Merkle has notified affected individuals and law enforcement, and is offering credit monitoring and Dark Web monitoring to impacted employees. The nature of the attack remains unknown, but it may involve data extortion or ransomware. The incident highlights the ongoing threat of data theft and the importance of robust incident response protocols.

Open in new tab

Motility Software Solutions Ransomware Attack Exposes 766,000 Client Records

Motility Software Solutions, a provider of dealer management software (DMS), experienced a ransomware attack on August 19, 2025. The incident exposed the sensitive data of 766,000 customers. The compromised data includes full names, addresses, email addresses, telephone numbers, dates of birth, Social Security numbers, and driver’s license numbers. The attack affected 7,000 dealerships across the United States. The company has implemented additional security measures, restored systems from backups, and established dark web monitoring. No ransomware group has claimed responsibility for the attack. Motility has offered a year of free identity monitoring services to affected individuals.

Open in new tab

Insight Partners Ransomware Breach Affects 12,657 Individuals

Insight Partners, a New York-based venture capital and private equity firm, has notified 12,657 individuals that their personal information was compromised in a ransomware attack. The breach, which occurred in October 2024, involved a sophisticated social engineering attack that allowed threat actors to access and encrypt servers. The stolen data includes banking and tax information, personal details of current and former employees, and information related to limited partners, funds, and portfolio companies. The company has offered complimentary credit or identity monitoring services to those affected and has filed breach notifications with state attorneys general. The incident highlights the ongoing risk of social engineering attacks and the potential for significant data exfiltration in ransomware breaches.

Open in new tab

FinWise insider breach exposes 689K American First Finance customers' data

A former employee of FinWise Bank accessed sensitive customer files after the end of their employment, impacting 689,000 American First Finance (AFF) customers. The breach, which occurred on May 31, 2024, involved personal data, including full names, and went undetected for over a year. FinWise has strengthened internal controls and is offering credit monitoring services to affected individuals. The breach was discovered on June 18, 2025, and was disclosed in September 2025. The incident has led to multiple class-action lawsuits alleging inadequate encryption and security measures. FinWise Bank partners with AFF to originate and fund loans. The breach was discovered and investigated with the help of external cybersecurity professionals. The exact methods of unauthorized access and the full extent of the exposed data remain undisclosed.

Open in new tab