700Credit Data Breach Exposes Personal Information of Over 5.6 Million Individuals
700Credit, a U.S.-based fintech and data services provider for auto, RV, and marine dealerships, suffered a significant data breach that exposed the personal information of at least 5.6 million people. The compromised data includes names, addresses, dates of birth, and Social Security numbers collected from dealership customers between May and October 2025. The company confirmed that the breach was limited to the application layer and did not impact its internal network or operations. In response, 700Credit has engaged cybersecurity experts, notified affected dealers and consumers, reported the incident to the FBI and FTC, and is offering credit monitoring services to those impacted.
The breach was publicly disclosed in December 2025, with regulatory notifications underway and no evidence yet of identity theft or fraud resulting from the incident. The event is part of a broader trend of large-scale data breaches affecting financial services firms, as highlighted by concurrent reporting on similar incidents at other companies. 700Credit is coordinating with state attorneys general and regulatory bodies to ensure compliance and consumer protection in the aftermath of the breach.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
Michigan attorney general issues consumer alert on 700Credit breach
Michigan Attorney General Dana Nessel issued a public alert urging affected people to freeze credit, monitor accounts, and watch for phishing or identity theft following the 700Credit breach. The alert accompanied broader public disclosure of the incident.
700Credit offers credit monitoring to affected individuals
As part of its response, 700Credit began offering 12 months of complimentary identity protection and credit monitoring through TransUnion to impacted individuals. The company said there was no evidence of identity theft or fraud at the time of disclosure.
700Credit begins incident response and regulatory notifications
Following discovery, 700Credit engaged forensic specialists, notified affected dealerships and consumers, and reported the incident to authorities including the FBI and FTC. The company also coordinated notifications with state attorneys general and the National Automobile Dealers Association on behalf of affected dealers.
Threat actor attempts extortion and offers stolen data for sale
After the breach, a threat actor identified by Outpost24 as using the alias ROOTBOY allegedly tried to extort 700Credit and then advertised a dataset of about 8.4 million records on underground forums. This was presented as monetization of the stolen 700Credit data.
700Credit discovers the breach
700Credit discovered the incident on October 25, 2025, after the prolonged unauthorized access campaign. The company said the breach was limited to the 700Dealer.com application layer and did not impact its internal network or operations.
Attackers exfiltrate 700Credit consumer data via API over several months
Between May and October 2025, threat actors used unauthorized access to 700Credit's application layer or API to steal dealership customer data, including names, addresses, dates of birth, and Social Security numbers. The activity affected data tied to thousands of dealerships and ultimately exposed information on roughly 5.6 to 5.8 million people.
Integration partner compromised, exposing 700Credit API access
In July 2025, attackers compromised a 700Credit integration partner and obtained API access or credentials later used to query consumer records. Multiple reports describe this third-party compromise as the origin of the breach.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
6 references tracked. Mallory keeps watching after this page renders.
700Credit Breach: What Organizations Need to Know
outpost24.com
Open source700Credit Data Breach Exposed Details of 5.6 Million Consumers
hackread.com
Open source700 Credit Discloses a data breach
thecyberthrone.in
Open sourceU.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people
securityaffairs.com
Open sourceNearly 20 million affected by Prosper, 700Credit data breaches
therecord.media
Open source700Credit data breach impacts 5.8 million vehicle dealership customers
bleepingcomputer.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Multiple High-Profile Data Breaches at SoundCloud, Pornhub, and 700Credit
SoundCloud, Pornhub, and 700Credit have each confirmed significant data breaches impacting millions of users. SoundCloud reported unauthorized access to an ancillary service dashboard, affecting approximately 20% of its 140 million users—about 28 million people. The exposed data included email addresses and information already visible on public profiles, with no passwords or financial details compromised. The incident also caused temporary connectivity issues for some users, particularly those using VPNs, due to configuration changes made during the response. Pornhub notified select Premium subscribers that some user data was exposed following a breach at Mixpanel, a third-party analytics provider, but emphasized that sensitive information such as passwords, payment details, and government IDs were not affected. Pornhub had ceased using Mixpanel in 2021 and was informed of the breach by the vendor. 700Credit, a US-based provider of credit and identity verification services, suffered a third-party supply-chain attack that compromised the personal information of approximately 5.6 million individuals. The breach, which occurred between May and October 2025, involved unauthorized access to names, addresses, dates of birth, and Social Security numbers through a compromised API used by one of 700Credit's integration partners. 700Credit has since shut down the affected API, notified federal authorities, and is offering credit monitoring to victims. These incidents highlight the ongoing risks posed by third-party service providers and the importance of timely breach notification and response.
Mar 21, 2026
Prosper Data Breach Exposes Sensitive Information of 17.6 Million Individuals
Prosper, a prominent peer-to-peer lending marketplace, suffered a significant data breach in September 2025, resulting in the exposure of sensitive personal information belonging to 17.6 million customers and loan applicants. The breach was detected on September 2, 2025, and was publicly disclosed by Prosper, which confirmed that unauthorized access to their systems had occurred. The compromised data includes a wide range of personally identifiable information such as names, email addresses, dates of birth, Social Security numbers, government-issued IDs, employment statuses, income levels, credit status information, physical addresses, IP addresses, and browser user agent details. Prosper stated that, despite the breach, there was no evidence that customer accounts or funds were accessed or compromised. The company’s customer-facing operations remained uninterrupted throughout the incident. Prosper has reported the breach to relevant authorities and is actively collaborating with law enforcement agencies to investigate the attack. The company is still determining the full scope of the data affected and has committed to providing free credit monitoring services to impacted individuals once the investigation clarifies the extent of the exposure. The breach was added to the Have I Been Pwned database on October 16, 2025, which helped reveal the scale of the incident, specifically the number of unique email addresses involved. Prosper has advised all users to change their passwords if they have not done so since the breach and to enable two-factor authentication for enhanced security. The company has also published a dedicated FAQ page to address customer concerns and provide ongoing updates. The attackers reportedly accessed the data through unauthorized queries on company databases that store customer and applicant information. Prosper emphasized that resolving the incident is a top priority and pledged to share additional information with customers as the investigation progresses. The breach has raised concerns about the security of financial services platforms and the protection of sensitive customer data. Security experts recommend that affected individuals monitor their credit reports and remain vigilant for signs of identity theft. The incident underscores the importance of robust cybersecurity measures and timely breach notification in the financial sector. Prosper’s response and transparency in handling the breach will be closely watched by regulators and customers alike. The breach has significant implications for the privacy and security of millions of individuals whose data was entrusted to the platform.
Mar 21, 2026
Multiple Unrelated Data Breaches Disclosed in December 2025
Several organizations disclosed data breaches affecting user and customer information, with incidents spanning different industries and timeframes. The Botting Network, a now-defunct forum focused on botting, suffered a breach in August 2012 that exposed 96,000 user records, including email addresses, usernames, dates of birth, and salted MD5 password hashes. Web Hosting Talk, a vBulletin-based forum, experienced a breach in July 2016, resulting in the exposure of 515,000 user records containing usernames, email addresses, IP addresses, and salted MD5 password hashes. Both breaches were added to public breach notification services in December 2025. In a separate incident, AUTOSUR, a French vehicle inspection company, reported a breach in March 2025 that compromised over 10 million customer records, with 487,000 unique email addresses exposed alongside names, phone numbers, physical addresses, and detailed vehicle information. Additionally, Vocatura, Spagnuolo & Company, a Massachusetts-based accounting firm, disclosed a breach involving unauthorized access to a single email account, potentially exposing sensitive personal information of over 980 individuals. The exact data types affected in the Vocatura breach have not been publicly specified as of the latest disclosure.
Mar 21, 2026