A US fintech firm with thousands of car dealership clients has revealed a data breach impacting 5.8 million end customers.
Michigan-headquartered 700Credit provides credit reporting, identity verification and other services to over 20,000 dealers across the US.
It revealed in a breach notification to the Maine Office of the Attorney General (OAG) that millions of end customers were affected by an incident the firm discovered in October.
“700Credit regrets to inform you that our industry was attacked again by a bad actor who had unauthorized access to some of our personally identifiable information (PII) including name, address and social security number. The investigation is ongoing and most importantly there is no indication of any identity theft, fraud, or other misuse of information in relation to this event,” the firm said in a notice on its website.
“We have engaged cybersecurity experts who did not identify any impact on our internal network, and confirmed all activity is limited within the 700Dealer.com application layer. We confirm there is no operational impact on our business, and we are able to continue providing services as scheduled.”
Read more on data breaches: Mega Data Breaches Push US Victim Count to 1.7 Billion
The incident was discovered on October 25.
The breach notification republished on the Maine OAG site reveals that “certain records in the web application relating to customers of its dealership clients were copied without authorization.”
It’s believed a misconfigured API was to blame, enabling threat actors to exfiltrate data between May and October.
Affected customers are being given 12-months’ identity protection and credit monitoring through TransUnion, free of charge. However, 700Credit also advised breach victims to closely monitor for suspected identity theft or fraud, and report any incidents immediately to their credit card company and/or bank.
The firm is also advising customers on placing a fraud alert and security freeze on their credit file.
Breaches Galore in 2025
The US is heading for another record year in terms of data breaches, after their number surged 11% annually to reach 1732 for the first half of 2025, according to the Identity Theft Resource Center (ITRC).
The non-profit’s figures for Q3 2025 revealed 835 separate data compromises in the period, resulting in around 23 million victim notices.
The vast majority (83%) were attributed to cyber-attacks rather than human error or supply chain issues.
A report from the ITRC last week warned that end customers could be victimized twice over by surging breach volumes, after revealing that 38% of breached companies put their prices up over the past year following an incident.
