- 700Credit lost sensitive data of 5.6 million people after a third-party API was compromised
- Attackers got approx. 20% of consumer records over two weeks, including names, addresses, DOBs and SSNs
- Victims are notified and offered two years of credit monitoring while regulators and the FBI investigate
Credit checking giant 700Credit has suffered a data breach which saw it lose sensitive data on more than 5.6 million people.
In a statement shared with the media, partners and affected individuals, 700Credit said that in late October 2025, it was hit by a third-party supply chain attack.
The company communicates with more than 200 integration partners through APIs, and when one of the partners was compromised in July, they failed to notify 700Credit — and as a result, unnamed cybercriminals broke into that third-party’s system and exposed an API used to pull consumer information.
A warning to customers
The “Sustained Velocity” attack started on October 25, 2025 and lasted more than two weeks, 700Credit explained.
The company managed to shut down the exposed API, but the attackers still managed to get hold of about 20% of consumer data, which includes people’s names, addresses, dates of birth and social security numbers.
While 700Credit’s internal systems, as well as login and payment information, were not compromised, the threat actors still managed to obtain enough data to launch highly convincing phishing attacks.
Therefore, customers and clients are encouraged to be wary of incoming communications, especially those claiming to be from the credit checking company.
“If you get a letter from 700Credit, don’t ignore it,” said Michigan Attorney General Dana Nessel. “It is important that everyone affected by this data breach take steps as soon as possible to protect their information. A credit freeze or monitoring services can go a long way in preventing fraud, and I encourage Michiganders to use the tools available to keep their identities safe.”
The company also worked with the National Automobile Dealers Association (NADA) to coordinate with the Federal Trade Commission (FTC) to file a consolidated breach notification on behalf of all affected dealers. The attack was also reported to the FBI.
Affected customers are being notified now and will be offered two years of free credit monitoring, a free credit report and access to a dedicated support line.
Via CBT news
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
