700Credit Breach

    Published: January 4, 2026

    Updated: January 7, 2026

    700Credit Breach: How Did Millions of SSNs Leak?

    What Happened

    700Credit LLC, a Michigan based provider of credit reports and identity verification services for auto dealerships, disclosed in late 2025 that hackers accessed and copied sensitive consumer information tied to dealership customers. 

    The incident affected roughly 5.6 million people nationwide, with multiple state agencies later publishing state specific impact counts.

    The breach stemmed from activity in 700Credit’s web based dealership platform, commonly referenced as 700Dealer.com. 700Credit said it engaged third party forensic specialists and notified federal authorities. 

    The company also stated that there was no operational disruption to its broader business and that investigators found no evidence its internal network was compromised, with the activity limited to the application layer.

    700Credit Breach 5.6M SSNs Exposed

    What to Do If You Are Affected by the 700Credit Breach?

    If you believe your dealership may be impacted, begin by reviewing any official notifications received from 700Credit and documenting the systems or data that could be involved. Direct operational or procedural questions to 700Credit through the dedicated support line they have provided.

    700Credit shared the following statement for dealerships impacted by the incident:

    “We have established a dedicated line (866) 273-0345 to address any further questions. As a matter of policy, 700Credit cannot advise dealerships as to specific legal obligations so it may be necessary to consult with your counsel.”

    Because 700Credit does not provide legal guidance, dealerships should promptly engage their own legal counsel to assess notification requirements, regulatory exposure, and next steps specific to their jurisdiction.

    Timeline: From First Access To Latest Update

    1. May 2025 (earliest confirmed data exposure window)

    Investigations later concluded that unauthorized copying of consumer records occurred beginning in May 2025.

    2. July 2025 (third party compromise, alleged by company and industry sources)

    Industry reporting and dealer focused briefings described a third party integration partner being compromised. Hackers allegedly gained access to communication logs that exposed an API used to pull consumer information.

    3. Oct. 25, 2025 (detection)

    700Credit discovered suspicious activity within its web application and began an investigation.

    4. Late Oct. 2025 (high volume extraction activity, per dealer and industry reporting)

    Dealer facing communications and an interview with 700Credit’s managing director described a sustained high velocity attack lasting more than two weeks, with attackers continuing to retrieve data even after mitigation steps began.

    5. Oct. 27, 2025 (end of the intrusion window cited in at least one legal notice)

    Some legal filings and law firm notices cite the access window as running through Oct. 27.

    6. Nov. 21, 2025 (scope confirmation and dealer notification, per multiple secondary sources)

    Third party sources describing dealer communications report that 700Credit confirmed the scope and notified affected dealerships around this date.

    7. Early Dec. 2025 (FTC Safeguards Rule reporting decision and consolidated filing)

    700Credit and the National Automobile Dealers Association coordinated with the Federal Trade Commission to allow 700Credit to file a consolidated notice on behalf of dealer clients, reducing the need for individual dealerships to file separate FTC notifications. Dealers were told they could opt out under certain conditions.

    8. Week of Dec. 15, 2025 (consumer notification ramp up)

    State alerts and industry updates indicated that consumer notification letters began mailing around mid December, with some agencies stating the breach was formally “reported” to them on Dec. 15.

    9. Dec. 22, 2025 (Michigan Attorney General advisory)

    Michigan’s Attorney General issued consumer guidance tied to the incident, including identity theft prevention steps and confirmation of the number of Michigan residents affected.

    10. Dec. 29, 2025 (lawsuit reporting)

    Bloomberg Law reported that 700Credit faced lawsuits tied to the incident, including at least one complaint filed in federal court alleging negligence and increased risk of identity theft.

    11. Jan. 2, 2026 (South Carolina agency disclosure via local news)

    Local reporting cited the South Carolina Department of Consumer Affairs releasing breach information indicating over 108,000 state residents were affected.

    What Data Or Systems Were Affected

    The compromised dataset was described as consumer records tied to dealership clients and included highly sensitive personal identifiers. Sources consistently cited the following data elements as exposed:

    • Full names
    • Mailing addresses
    • Social Security numbers
    • Dates of birth

    Dealer oriented guidance emphasized that the combination of name plus Social Security number, especially when unencrypted, triggers breach notification requirements in many US states.

    The affected system was described as the 700Dealer.com web application. Multiple sources stressed that investigators did not identify intrusion into 700Credit’s internal network, with the incident confined to application layer data access.

    Who Was Responsible (Confirmed Vs Alleged)

    Confirmed

    No government authority has publicly named a specific hacking group or individual as responsible. Public statements and state level summaries generally describe the incident as unauthorized access and copying of consumer records.

    Alleged / Reported

    Dealer and industry reporting describes a scenario in which attackers gained access through a compromised third party integration partner and exploited an exposed API that enabled the extraction of consumer data. This remains an attribution narrative rather than a law enforcement confirmed conclusion.

    How The Attack Worked

    Reporting from industry outlets and dealer facing briefings described a chain of events broadly consistent with a supply chain or partner enabled API exploitation:

    1. A third party integration partner was compromised (reported as July 2025).
    2. Attackers gained access to logs or communications revealing an API used to retrieve consumer data.
    3. Attackers executed a sustained, high volume request pattern against the API, enabling bulk copying of records over an extended period.
    4. 700Credit disabled or restricted the exposed API, but some sources state attackers still retrieved a meaningful amount of data before access was fully contained.

    700Credit and associated guidance materials described strengthening API inspection and validation processes after the incident.
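    A detection for the sustained, high volume request pattern in step 3, as an added example that is not 700Credit's or any vendor's code: it counts distinct consumer records retrieved per API key in a sliding window. The log format, key names, endpoint path and thresholds are all assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed gateway log: '<iso time> key=<api key id> path=<endpoint> rec=<record id>'."""
    start = datetime(2025, 1, 1, 9, 0, 0)
    rows = []
    # Hypothetical dealer key: one credit pull every 5 minutes for 2 hours.
    for i in range(24):
        t = start + timedelta(minutes=5 * i)
        rows.append((t, f"{t.isoformat()} key=dealer-a path=/v1/consumer rec={1000 + i}"))
    # Hypothetical partner key: a new record every 2 seconds for 10 minutes.
    for i in range(300):
        t = start + timedelta(seconds=2 * i)
        rows.append((t, f"{t.isoformat()} key=partner-x path=/v1/consumer rec={5000 + i}"))
    return [line for _, line in sorted(rows)]


def flag_bulk_pulls(lines, window=timedelta(minutes=10), max_distinct=50):
    """Return {api key: time the key first exceeded max_distinct records in the window}."""
    recent = defaultdict(deque)                   # key -> (time, record) still in window
    hits = defaultdict(lambda: defaultdict(int))  # key -> record -> requests in window
    alerts = {}
    for line in lines:
        ts_raw, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        ts, key, rec = datetime.fromisoformat(ts_raw), kv["key"], kv["rec"]
        queue, seen = recent[key], hits[key]
        queue.append((ts, rec))
        seen[rec] += 1
        # Expire requests that have fallen out of the sliding window.
        while ts - queue[0][0] > window:
            _, old = queue.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        # Distinct records, not raw request count: retries of one record are not flagged.
        if len(seen) > max_distinct and key not in alerts:
            alerts[key] = ts
    return alerts


if __name__ == "__main__":
    for key, when in flag_bulk_pulls(build_sample_log()).items():
        print(f"ALERT {key}: more than 50 distinct consumer records in 10 min at {when}")
```

    A short window like this only catches fast extraction; a second pass with a longer window (for example, distinct records per key per day against that key's own baseline) is needed for slower pulls spread over weeks.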

    Company Response And Customer Remediation

    700Credit publicly stated it engaged cybersecurity experts and launched an investigation. The company said the incident did not disrupt operations and that it was continuing to provide services. 700Credit reported that it notified the FBI and the FTC, and said it would notify state attorneys general on behalf of impacted dealer clients.

    The company established a dedicated phone line for consumer support and communicated that affected consumers would be offered credit monitoring. Dealer focused reporting indicated the remediation package included:

    • 12 to 24 months of identity and credit monitoring
    • Access to a free credit report
    • A dedicated support line and guidance materials

    Government, Law Enforcement, And Regulator Actions

    Government involvement has largely been expressed through state level consumer advisories and breach portal postings, as well as FTC Safeguards Rule related reporting steps:

    • State agencies and attorneys general published alerts and guidance, including Michigan and Wisconsin.
    • South Carolina’s consumer protection agency publicly disclosed the number of affected residents and referenced a signed letter from 700Credit.
    • The FTC accepted a consolidated filing approach coordinated with NADA, allowing 700Credit to file on behalf of impacted dealer clients under the Safeguards Rule framework.

    There has been no public announcement of arrests, raids, or formal enforcement actions connected to the incident as of the latest confirmed updates in early January 2026.

    The breach has triggered multiple legal consequences:

    • Bloomberg Law reported lawsuits alleging negligence and increased risk of identity theft for affected individuals.
    • Class action tracking and law firm announcements indicate litigation interest and potential class action filings or investigations.

    Beyond litigation, dealer compliance advisers highlighted the risk of additional costs for dealerships, including legal review, notification coordination, insurance involvement, and vendor contract scrutiny. The incident also underscores the exposure dealerships face when relying on third party service providers for regulated financial and identity data handling.

    What Remains Unclear

    Several key points remain unresolved in public reporting:

    • The identity of the attacker or group responsible
    • Whether the data was sold, leaked publicly, or retained privately
    • Exact total records accessed versus copied, and whether all affected individuals’ data was fully extracted
    • Whether regulators will pursue enforcement actions or penalties
    • Whether future disclosures will expand or revise the affected population count
    • Whether any confirmed identity theft or fraud cases will ultimately be tied directly to this incident

    700Credit stated there was no indication of identity theft or misuse at the time of its public updates.

    Why This Incident Matters

    This breach is notable because it involves Social Security numbers at a scale typically associated with major financial institutions, yet it originated in an automotive industry service provider used by thousands of dealerships. It highlights how dealership ecosystems handle highly sensitive consumer data outside the direct perimeter of banks and lenders, creating high value targets for attackers.

    The reported mechanism, exploitation of an API exposed through a compromised third party, reflects a growing risk pattern where attackers use partner ecosystems and integrations as entry points rather than direct intrusion into core networks. It also illustrates how modern breach response often requires coordination among vendors, trade associations, federal agencies, and thousands of downstream clients, each with their own compliance obligations.

    Bright Defense Can Help After the 700Credit SSN Exposure

    When attackers can pull 5.6 million records through an exposed web platform and API, it’s a reminder that application-layer access is often the easiest path to mass data theft. Incidents like this are common, especially in vendor ecosystems where third parties and integrations quietly expand the attack surface for every downstream customer.

    Bright Defense can help you reduce this risk with Penetration Testing focused on real-world exploitation paths, plus targeted web application and API testing that validates authentication, rate limiting, logging, and data access controls before attackers do.

    If your business handles SSNs, dates of birth, or identity verification workflows, now is the time to pressure-test the apps and integrations that touch that data.

    Talk to Bright Defense to schedule an assessment.

    Sources

    1. 700Credit — 700Credit Notice (Dec. 2025)
      https://www.700credit.com/notice/
    2. National Automobile Dealers Association — 700Credit to File a Consolidated Breach Notice with the FTC on Behalf of its Dealer Clients (Dec. 2, 2025)
      https://marketing.nada.org/acton/rif/4712/s-372b-2512/-/l-0b1b:65/l-0b1b/showPreparedMessage
    3. Michigan Attorney General — AG Nessel Offers Tips Following Breach of 700Credit Exposes Data of 5.6 Million Consumers (Dec. 22, 2025)
      https://www.michigan.gov/ag/news/press-releases/2025/12/22/ag-nessel-offers-tips-following-breach-of-700credit-exposes-data-of-5-6-million-consumers
    4. Wisconsin Department of Agriculture, Trade and Consumer Protection — 700Credit Breach Notice and Guidance (Dec. 2025)
      https://datcp.wi.gov/Pages/Programs_Services/700credit-breach.aspx
    5. SecurityWeek — 700Credit Data Breach Impacts 5.8 Million Individuals (Dec. 2025)
      https://www.securityweek.com/700credit-data-breach-impacts-5-8-million-individuals/
    6. TechCrunch — Nearly 5.6 million people affected by 700Credit data breach (Dec. 2025)
      https://techcrunch.com/2025/12/23/nearly-5-6-million-people-affected-by-700credit-data-breach/
    7. Bloomberg Law — 700Credit Sued Over Data Breach Impacting 5.8 Million People (Dec. 29, 2025)
      https://news.bloomberglaw.com/litigation/700credit-sued-over-data-breach-impacting-5-8-million-people
    8. CBT News — 700Credit’s Ken Hill on recent data breach and what dealers need to know (Dec. 4, 2025)
      https://www.cbtnews.com/700credits-ken-hill-on-recent-data-breach-and-what-dealers-need-to-know/
    9. ComplyAuto — 700Credit Data Breach Incident Follow Up to December 1, 2025 ComplyAuto Alert (Dec. 4, 2025)
      https://complyauto.com/700credit-data-breach-incident-follow-up-to-december-1-2025-complyauto-alert/
    10. WBTV / WIS News 10 — SCDCA: Data breach impacting over 108,000 South Carolinians (Jan. 2, 2026)
      https://www.wbtv.com/2026/01/02/scdca-data-breach-impacting-over-108000-south-carolinians/
    11. National Law Review / GlobeNewswire — 700Credit Data Breach Exposes Personal Information: Murphy Law Firm Investigates Legal Claims (Dec. 15, 2025)
      https://natlawreview.com/press-releases/700credit-data-breach-exposes-personal-information-murphy-law-firm
    12. ClassAction.org — 700Credit Data Breach Letter (PDF) (2025)
      https://www.classaction.org/media/700credit-data-breach-letter-2025.pdf

    Tamzid brings 5+ years of specialized writing experience across SaaS, cybersecurity, compliance, and blockchain. He’s skilled at simplifying complex concepts without losing depth. He follows the latest cybersecurity compliance updates, brings readers practical insights they can trust, and keeps them ahead of the curve.
