U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people

A data breach at 700Credit exposed the names, addresses, dates of birth, and Social Security numbers of at least 5.6 million people.

700Credit is a U.S. fintech and data services company that provides credit reports, “soft pull” prequalification, identity verification, fraud detection, and compliance tools to auto, RV, powersports, and marine dealerships across the country.​

The Michigan-based company integrates with dealer systems to access credit bureau data, screen customers for compliance, generate required notices, and supports about 18,000 dealerships.

The company disclosed an October data breach impacting at least 5.6 million individuals. Exposed data includes names, addresses, dates of birth, and Social Security numbers. Threat actors stole personal data collected from dealers between May and October 2025.

“700Credit regrets to inform you that our industry was attacked again by a bad actor who had unauthorized access to some of our personally identifiable information (PII) including name, address and social security number.” reads the data breach notification published by the company on its website. “The investigation is ongoing and most importantly there is no indication of any identity theft, fraud, or other misuse of information in relation to this event”

700Credit engaged cybersecurity experts who confirmed the incident was limited to the application layer and did not affect its internal network or operations. The company has notified the impacted dealers and is informing affected consumers. It reported the incident to the FBI and FTC, and coordinated regulatory notifications on the dealers’ behalf. The company plans to notify state attorneys general and is offering credit monitoring to consumers.

“We pledge to take extraordinary steps necessary to assist consumers and notify required parties on behalf of dealers. We timely notified the FBI and the FTC and confirmed with the FTC that 700Credit’s filing on behalf of all dealers is sufficient to meet dealer obligations to notify the FTC.” continues the notification. In addition, we will be notifying State AG offices on behalf of dealers.  Impacted consumers will also be notified and offered credit monitoring services and assistance they may need. 700Credit has also been working directly with NADA.”

Michigan Attorney General Dana Nessel reissued a consumer alert after a 700Credit data breach affecting nearly 6 million people nationwide, including over 160,000 in Michigan.

“If you get a letter from 700Credit, don’t ignore it. It is important that anyone affected by this data breach takes steps as soon as possible to protect their information.” said Michigan attorney general Dana Nessel.” A credit freeze or monitoring services can go a long way in preventing fraud, and I encourage Michiganders to use the tools available to keep their identity safe.”

The company recommends customers stay alert to phishing emails and other scams, update and strengthen their passwords, and remove unnecessary data or files. A good practice is enabling multifactor authentication on devices and online accounts adds another layer of protection. It is also important to regularly review credit reports and take advantage of the free weekly reports available from Equifax, Experian, and TransUnion through the Annual Credit Report website.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Data breach)