Скачать или смотреть 700Credit Data Breach Exposes 5.8 Million Auto Dealership Customers

U.S.-based fintech firm 700Credit has confirmed a major data breach impacting more than 5.8 million individuals connected to vehicle dealerships nationwide. The exposure stemmed not from a direct intrusion into 700Credit’s systems, but from a compromised integration partner whose environment was breached by threat actors earlier this year.

According to 700Credit, the initial compromise occurred in July, when attackers breached the unnamed partner and discovered an exposed API linked to 700Credit systems. That interface could be abused to retrieve sensitive dealership customer data. Critically, the partner failed to notify 700Credit of its breach, allowing attackers to quietly exploit the vulnerable API for months.

Suspicious activity was detected on October 25, triggering an internal investigation supported by third-party forensic specialists. Investigators confirmed that customer records tied to dealership transactions were copied without authorization via the exposed web application. Managing Director Ken Hill stated that roughly 20% of consumer records were accessed between May and October before the API was disabled.

The root cause was traced to a broken API authorization check. The API failed to properly validate consumer reference IDs against the requesting party, enabling large-scale unauthorized data access. This type of flaw allows attackers to enumerate and extract records without needing to compromise individual dealership systems.

The exposed data is highly sensitive and includes 🧾 full names, 🏠 physical addresses, 🎂 dates of birth, and 🧠 Social Security numbers. The combination of these identifiers significantly elevates the risk of identity theft, fraud, and long-term financial abuse.

700Credit provides credit reporting, identity verification, fraud prevention, and compliance services to over 23,000 automotive, RV, powersports, and marine dealerships across the U.S. Because the compromised records belong to dealership customers, the breach carries wide downstream impact across the auto retail sector.

To streamline regulatory response, 700Credit filed a consolidated breach notification with the FTC on behalf of itself and affected dealership clients, eliminating the need for individual dealer filings. The company also notified the National Automobile Dealers Association and launched a public breach information page.

Affected individuals are being offered 12 months of free identity protection and credit monitoring through TransUnion, with a 90-day enrollment window. While no ransomware group has claimed responsibility, the incident underscores persistent risks tied to third-party integrations, API security failures, and delayed breach disclosure in fintech supply chains.

#700Credit #DataBreach #FintechSecurity #APISecurity #ThirdPartyRisk #IdentityTheft #AutoIndustry #CyberIncident

FIND US AT
https://dailysecurityreview.com/

FOLLOW US ON SOCIAL
Get updates or reach out to Get updates on our Social Media Profiles!
Twitter:   / securitydailyr  
Facebook: https://www.facebook.com/profile.php?...
LinkedIn:   / security-daily-review