Credit report and identity verification services provider 700Credit has revealed a data breach affecting over 5.8 million individuals. The company is the leading provider of credit checks, identity verification, fraud detection, and compliance services for nearly 18,000 automotive, marine, powersports, and RV dealers across North America. The breach was discovered on October 25, 2025, and stemmed from a compromised third-party API connected to the 700Credit web application.
The company explained that hackers compromised a partner’s system in July 2025, which gave them access to the API and allowed them to obtain consumers’ personal data. In a notification letter filed with the Maine Attorney General’s Office, 700Credit stated that its investigation confirmed that unauthorized copies were made of specific records in the web application relating to its dealership clients’ customers. Michigan Attorney General Dana Nessel noted that before the hackers were removed from the system, they downloaded information that had been collected from dealers between May 2025 and October 2025.
GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025
The personal information compromised in the incident varies for each individual but generally includes names, addresses, dates of birth, and Social Security numbers. 700Credit has emphasized that its internal network was not breached and that the security incident was contained to the [suspicious link removed] application layer.
The process of informing the affected dealership clients started on November 21, 2025, and written notification letters will be sent to the millions of impacted individuals beginning December 22, 2025. The company has taken action by filing a consolidated breach notification with the Federal Trade Commission in partnership with the National Automobile Dealers Association. Furthermore, 700Credit has reported the attack to the FBI and notified attorney general’s offices throughout the United States.
To assist the 5,836,521 affected individuals, as reported to the Maine Attorney General’s Office, 700Credit is offering 12 months of free credit monitoring and identity restoration services. Attorney General Nessel stressed the importance for those affected to take immediate protective measures, stating that tools like a credit freeze or monitoring services are crucial for preventing fraud and keeping their identity safe.
Source: 700Credit Data Breach Impacts 5.8 Million Individuals
Solid breakdown of this incident. The three-month gap between July compromise and October detection is what always gets me about these thirdparty API attacks. Working in identity systems for years now, and the challenge is always that visibility stops at the API boundary. SSNs and verification data sitting in a compromised partner enviroment for months shows why zero-trust architecture can't just be internal anymore.