Perceptive Security
SOC/SIEM Consultancy
700Credit data breach impacts 5.8 million vehicle dealership customers
Published:
15 December 2025 at 16:49:03
Alert date:
15 December 2025 at 17:01:29
Source:
bleepingcomputer.com
Data Breach & Exfiltration, Web Technologies
700Credit, a U.S.-based financial services and fintech company, experienced a data breach that exposed personal information of more than 5.8 million vehicle dealership customers. The company is beginning to notify affected individuals about the incident. The breach impacts customers who used 700Credit's services through various vehicle dealerships across the United States.
Technical details
Threat actor breached one of 700Credit's integration partners in July and discovered an API for obtaining customer information. The partner did not inform 700Credit of the compromise. Security vulnerability in the API involved failure to validate consumer reference IDs against the original requester. The attacker stole around 20% of consumer data from May to October before 700Credit terminated the exposed API on October 25.
Mitigation steps:
Monitor accounts closely, consider placing a security freeze, enroll in the 12-month free identity protection and credit monitoring service through TransUnion (90-day enrollment period), watch for suspicious account activity
Affected products:
700Credit web application API
700Credit integration partner systems
Related links:
https://www.documentcloud.org/documents/26377802-700credit-notice-of-data-event-me/
https://www.cbtnews.com/700credits-ken-hill-on-recent-data-breach-and-what-dealers-need-to-know/
https://marketing.nada.org/acton/rif/4712/s-372b-2512/-/l-0b1b:65/l-0b1b/showPreparedMessage?sid=TV2:rUlDCXlvl
https://www.700credit.com/notice/
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.