CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

700Credit Data Breach Exposes 5.8 Million Records via Compromised API

First reported
Last updated
2 unique sources, 2 articles

Summary

Hide ▲

700Credit, a major credit report and identity verification service, disclosed a data breach affecting 5,836,521 individuals. The breach, linked to a compromised third-party API, occurred between May and October 2025. Hackers accessed personal information, including names, addresses, dates of birth, and Social Security numbers, through a partner's system compromised in July 2025. The incident was contained to the 700Dealer.com application layer, and the company is offering affected individuals 12 months of free credit monitoring and identity restoration services. 700Credit began notifying impacted dealership clients on November 21 and will notify affected individuals starting December 22. The company has collaborated with the National Automobile Dealers Association (NADA) and reported the incident to the Federal Trade Commission (FTC), FBI, and various state attorney general offices. 700Credit serves over 23,000 automotive, RV, Powersports, and Marine dealer customers.

Timeline

  1. 15.12.2025 11:21 2 articles · 8h ago

    700Credit Data Breach Disclosed, Impacting 5.8 Million Individuals

    700Credit disclosed a data breach affecting 5,836,521 individuals, identified on October 25, 2025. The breach involved a compromised third-party API linked to the 700Credit web application, with hackers accessing personal information collected from dealers between May and October 2025. The company began notifying impacted dealership clients on November 21 and will notify affected individuals starting December 22. 700Credit is providing 12 months of free credit monitoring and identity restoration services to affected individuals. The breach was due to a failure to validate consumer reference IDs against the original requester, and the attacker exfiltrated around 20% of consumer data. 700Credit serves over 23,000 automotive, RV, Powersports, and Marine dealer customers.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Conduent Data Breach Affects Millions

Conduent, a business services provider, has confirmed that a data breach in 2024 impacted over 10.5 million individuals. The breach, initially disclosed in January 2025, affected government agencies in multiple US states. The attackers accessed Conduent's network on October 21, 2024, and were evicted on January 13, 2025. The compromised data includes names, addresses, dates of birth, Social Security numbers, health insurance details, and medical information. Conduent serves over 600 government and transportation organizations, and roughly half of Fortune 100 companies. The company has not provided an exact number of affected individuals, but breach notices indicate at least 10.5 million people were impacted, with the largest number in Oregon (10.5 million) and over 4 million in Texas. The Safepay ransomware group claimed responsibility for the attack in February 2025 and claimed to have stolen 8.5TB of data. Conduent provides services to several other states where specific data breach figures aren't published, potentially increasing the actual impact. As of October 24, 2025, there is no evidence that the stolen data has been misused.

Open in new tab

Motility Software Solutions Ransomware Attack Exposes 766,000 Client Records

Motility Software Solutions, a provider of dealer management software (DMS), experienced a ransomware attack on August 19, 2025. The incident exposed the sensitive data of 766,000 customers. The compromised data includes full names, addresses, email addresses, telephone numbers, dates of birth, Social Security numbers, and driver’s license numbers. The attack affected 7,000 dealerships across the United States. The company has implemented additional security measures, restored systems from backups, and established dark web monitoring. No ransomware group has claimed responsibility for the attack. Motility has offered a year of free identity monitoring services to affected individuals.

Open in new tab

Insight Partners Ransomware Breach Affects 12,657 Individuals

Insight Partners, a New York-based venture capital and private equity firm, has notified 12,657 individuals that their personal information was compromised in a ransomware attack. The breach, which occurred in October 2024, involved a sophisticated social engineering attack that allowed threat actors to access and encrypt servers. The stolen data includes banking and tax information, personal details of current and former employees, and information related to limited partners, funds, and portfolio companies. The company has offered complimentary credit or identity monitoring services to those affected and has filed breach notifications with state attorneys general. The incident highlights the ongoing risk of social engineering attacks and the potential for significant data exfiltration in ransomware breaches.

Open in new tab

Lovesac Data Breach After Ransomware Attack

Lovesac, a furniture retailer, confirmed a data breach impacting an unspecified number of individuals. The breach occurred between February 12, 2025, and March 3, 2025, and involved unauthorized access to internal systems. The company discovered the breach on February 28, 2025, and has offered credit monitoring services to affected individuals. The RansomHub ransomware gang claimed responsibility for the attack, threatening to leak stolen data if a ransom was not paid. Lovesac operates 267 showrooms across the United States and reported annual net sales of $750 million. The stolen data includes full names and other personal information, though the exact details and the number of affected individuals remain undisclosed. The company has not confirmed whether customers, employees, or contractors were impacted.

Open in new tab

TransUnion Data Breach Affects Over 4 Million Customers

TransUnion, a major credit reporting agency, confirmed a data breach that compromised the personal information of over 4 million customers. The breach occurred on July 28, 2025, and was discovered two days later. An unauthorized actor accessed personal data through a third-party application used by TransUnion's US customer support operations. The compromised information was limited to specific data elements and did not include credit reports or core credit information. TransUnion is offering impacted customers two years of free credit monitoring services. The identity of the threat actor remains unknown, and there is no confirmed correlation with other recent security incidents.

Open in new tab