Massive data breach sees credit card details of over 5.6 million victims leaked – here’s what we know
- 700Credit lost sensitive data on 5.6 million people after third-party API was compromised
- The attackers siphoned off approximately 20% of consumers’ records in two weeks, including names, addresses, dates of birth and SSN.
- Victims are notified and offered two years of credit monitoring while regulators and the FBI investigate.
Credit checking giant 700Credit suffered a data breach that caused it to lose sensitive data on more than 5.6 million people.
In a statement shared with media, partners and affected individuals, 700Credit said that in late October 2025, it experienced a third-party attack on its supply chain.
The company communicates with more than 200 integration partners via APIs, and when one of the partners was compromised in July, they did not notify 700Credit. As a result, anonymous cybercriminals broke into this third party’s system and exposed an API used to extract consumer information.
A warning to customers
The “sustained velocity” attack began on October 25, 2025 and lasted more than two weeks, 700Credit explained.
The company managed to shut down the exposed API, but the attackers still managed to obtain about 20% of consumer data, which includes people’s names, addresses, dates of birth and Social Security numbers.
Even though 700Credit’s internal systems, as well as login and payment information, were not compromised, the threat actors still managed to obtain enough data to launch very convincing phishing attacks.
Therefore, customers are advised to be wary of incoming communications, especially those claiming to be from the credit checking company.
“If you receive a letter from 700Credit, do not ignore it,” said Michigan Attorney General Dana Nessel. “It is important that anyone impacted by this data breach take steps as soon as possible to protect their information. A credit freeze or monitoring services can go a long way to preventing fraud, and I encourage Michiganders to use the tools available to protect their identities.”
The company also partnered with the National Automobile Dealers Association (NADA) to coordinate with the Federal Trade Commission (FTC) to file a consolidated notice of violation on behalf of all affected dealers. The attack was also reported to the FBI.
Affected customers are being notified now and will be offered two years of free credit monitoring, a free credit report and access to a dedicated helpline.
Via CBT News
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
