700Credit Breach: How Did Millions of SSNs Leak?

What Happened

700Credit LLC, a Michigan based provider of credit reports and identity verification services for auto dealerships, disclosed in late 2025 that attackers accessed its dealership web application and copied sensitive consumer data tied to dealership customers.

Public breach reporting and state level disclosures put the total impacted population at about 5.8 million people nationwide, while Michigan’s Attorney General described the incident as affecting nearly 6 million people, including more than 160,000 Michigan residents.

The breach has been described as impacting dealership ecosystems at scale, with dealer industry reporting citing roughly 18,000 dealerships connected to the affected platform.

The affected environment was repeatedly described as 700Credit’s web based dealership platform, commonly referenced as 700Dealer.com.

700Credit stated it engaged cybersecurity experts, notified the FBI and the FTC, and said investigators found no impact on its internal network, with activity limited to the 700Dealer.com application layer.

What to Do If You Are Affected by the 700Credit Breach?

If you believe your dealership may be impacted, begin by reviewing any official notifications received from 700Credit and documenting the systems or data that could be involved. Direct operational or procedural questions to 700Credit through the dedicated support line they have provided.

700Credit shared the following statement for dealerships impacted by the incident:

“We have established a dedicated line (866) 273-0345 to address any further questions. As a matter of policy, 700Credit cannot advise dealerships as to specific legal obligations so it may be necessary to consult with your counsel.”

Because 700Credit does not provide legal guidance, dealerships should promptly engage their own legal counsel to assess notification requirements, regulatory exposure, and next steps specific to their jurisdiction.

Timeline: From First Access To Latest Update

• May 2025 (earliest confirmed data exposure window): Michigan’s Attorney General stated that the breached data was collected from dealers between May 2025 and October 2025.
• July 2025 (third party compromise, alleged by company and industry sources): Security reporting described a compromise of one of 700Credit’s integration partners in July 2025, followed by discovery of an API used to retrieve consumer information.
• Oct. 25, 2025 (detection): 700Credit and consumer notices stated the company noticed suspicious activity on October 25, 2025 and began an investigation with third party forensic support.
• Late Oct. 2025 (high volume extraction activity, per dealer and industry reporting): Dealer focused reporting described a sustained, high velocity incident lasting more than two weeks, with activity tied to the 700Dealer.com platform and an API connection.
• Oct. 25 to Oct. 27, 2025 (incident window listed in at least one state filing): A state level breach entry lists the breach occurrence window as October 25, 2025 through October 27, 2025.
• Nov. 21, 2025 (discovery date and dealer notification reference point in secondary reporting): A state level breach entry lists November 21, 2025 as the breach discovery date, and public reporting has used late November as the point when dealer communications began circulating more broadly.
• Early Dec. 2025 (FTC Safeguards Rule consolidated filing approach): Dealer association guidance stated that the FTC accepted a proposal allowing 700Credit to submit a single consolidated notice on behalf of affected dealer clients for Safeguards Rule reporting, while dealers could opt out and state notification requirements continued to apply.
• Week of Dec. 15, 2025 (consumer notification start stated by Michigan): Michigan’s Attorney General stated that notice letters would begin mailing during the week of December 15, 2025.
• Dec. 22, 2025 (consumer notification date listed in a state breach entry): A state level breach entry lists December 22, 2025 as the consumer notification date.
• Dec. 10, 2025 (Michigan Attorney General advisory): Michigan’s Attorney General issued consumer guidance tied to the incident and reiterated the scale of the impact for Michigan residents.
• Jan. 2026 (South Carolina disclosure via local reporting): Local reporting cited a South Carolina disclosure indicating 108,829 state residents were affected and that the state agency was notified on December 15, 2025.
• Feb. 10, 2026 (federal court consolidation order and consolidated complaint deadline): A federal court order in the Eastern District of Michigan consolidated additional related cases into the In re 700 Credit Data Security Incident Litigation matter and set a consolidated complaint deadline of February 20, 2026.

What Data Or Systems Were Affected

The compromised dataset was described as consumer records tied to dealership clients and included highly sensitive personal identifiers. Sources consistently cited the following data elements as exposed:

• Full names
• Mailing addresses
• Social Security numbers
• Dates of birth

Dealer oriented guidance emphasized that the combination of name plus Social Security number, especially when unencrypted, triggers breach notification requirements in many US states.

The affected system was described as the 700Dealer.com web application. Multiple sources stressed that investigators did not identify intrusion into 700Credit’s internal network, with the incident confined to application layer data access.

Who Was Responsible (Confirmed Vs Alleged)

Confirmed

No government authority has publicly named a specific hacking group or individual as responsible. Public statements and state level summaries generally describe the incident as unauthorized access and copying of consumer records.

Alleged / Reported

Dealer and industry reporting describes a scenario in which attackers gained access through a compromised third party integration partner and exploited an exposed API that enabled the extraction of consumer data. This remains an attribution narrative rather than a law enforcement confirmed conclusion.

How The Attack Worked

Reporting from industry outlets and dealer facing briefings described a chain of events broadly consistent with a supply chain or partner enabled API exploitation:

1. A third party integration partner was compromised (reported as July 2025).
2. Attackers gained access to logs or communications revealing an API used to retrieve consumer data.
3. Attackers executed a sustained, high volume request pattern against the API, enabling bulk copying of records over an extended period.
4. 700Credit disabled or restricted the exposed API, but some sources state attackers still retrieved a meaningful amount of data before access was fully contained.

700Credit and associated guidance materials described strengthening API inspection and validation processes after the incident.

Company Response And Customer Remediation

700Credit publicly stated it engaged cybersecurity experts and launched an investigation. The company said the incident did not disrupt operations and that it was continuing to provide services. 700Credit reported that it notified the FBI and the FTC, and said it would notify state attorneys general on behalf of impacted dealer clients.

The company established a dedicated phone line for consumer support and communicated that affected consumers would be offered credit monitoring. Dealer focused reporting indicated the remediation package included:

• 12 to 24 months of identity and credit monitoring
• Access to a free credit report
• A dedicated support line and guidance materials

Government, Law Enforcement, And Regulator Actions

Government involvement has largely been expressed through state level consumer advisories and Government, Law Enforcement, And Regulator Actions

Government involvement has largely been expressed through state level consumer advisories and breach portal postings, plus Safeguards Rule related reporting steps. Michigan issued consumer guidance and confirmed the incident involved Social Security numbers and other personal identifiers.

Dealer association guidance stated that the FTC accepted a consolidated filing approach coordinated with 700Credit for Safeguards Rule reporting, while state notification requirements remained in force.

Public sources available as of February 20, 2026 have not named an attacker, and 700Credit has stated it has not seen indications of identity theft or fraud connected to the event at the time of its posted updates.

Financial, Legal, And Business Impact

TThe breach has triggered ongoing litigation activity. A federal court order notes the first complaint was filed on November 24, 2025, and the litigation has since been consolidated under the In re 700 Credit Data Security Incident Litigation caption, with a consolidated complaint due February 20, 2026.

Beyond litigation, dealer focused reporting has highlighted costs and operational burden for dealerships, including legal review, notification coordination, insurer involvement, and vendor contract scrutiny following a third party service provider incident impacting regulated consumer data.

What Remains Unclear

Several key points remain unresolved in public reporting:

• The identity of the attacker or group responsible
• Whether the data was sold, leaked publicly, or retained privately
• Exact total records accessed versus copied, and whether all affected individuals’ data was fully extracted
• Whether regulators will pursue enforcement actions or penalties
• Whether future disclosures will expand or revise the affected population count
• Whether any confirmed identity theft or fraud cases will ultimately be tied directly to this incident

700Credit stated there was no indication of identity theft or misuse at the time of its public updates.

Why This Incident Matters

This breach is notable because it involves Social Security numbers at a scale typically associated with major financial institutions, yet it originated in an automotive industry service provider used by thousands of dealerships. It highlights how dealership ecosystems handle highly sensitive consumer data outside the direct perimeter of banks and lenders, creating high value targets for attackers.

The reported mechanism, exploitation of an API exposed through a compromised third party, reflects a growing risk pattern where attackers use partner ecosystems and integrations as entry points rather than direct intrusion into core networks. It also illustrates how modern breach response often requires coordination among vendors, trade associations, federal agencies, and thousands of downstream clients, each with their own compliance obligations.

Bright Defense Can Help After the 700Credit SSN Exposure

When attackers can pull 5.6 million records through an exposed web platform and API, it’s a reminder that application-layer access is often the easiest path to mass data theft. Incidents like this are common, especially in vendor ecosystems where third parties and integrations quietly expand the attack surface for every downstream customer.

Bright Defense can help you reduce this risk with Penetration Testing focused on real-world exploitation paths, plus targeted web application and API testing that validates authentication, rate limiting, logging, and data access controls before attackers do.

If your business handles SSNs, dates of birth, or identity verification workflows, now is the time to pressure-test the apps and integrations that touch that data.

Talk to Bright Defense to schedule an assessment.

Sources

1. 700Credit — 700Credit Notice (Dec. 2025)
   https://www.700credit.com/notice/
2. National Automobile Dealers Association — 700Credit to File a Consolidated Breach Notice with the FTC on Behalf of its Dealer Clients (Dec. 2, 2025)
   https://marketing.nada.org/acton/rif/4712/s-372b-2512/-/l-0b1b:65/l-0b1b/showPreparedMessage
3. Michigan Attorney General — AG Nessel Offers Tips Following Breach of 700Credit Exposes Data of 5.6 Million Consumers (Dec. 22, 2025)
   https://www.michigan.gov/ag/news/press-releases/2025/12/22/ag-nessel-offers-tips-following-breach-of-700credit-exposes-data-of-5-6-million-consumers
4. Wisconsin Department of Agriculture, Trade and Consumer Protection — 700Credit Breach Notice and Guidance (Dec. 2025)
   https://datcp.wi.gov/Pages/Programs_Services/700credit-breach.aspx
5. SecurityWeek — 700Credit Data Breach Impacts 5.8 Million Individuals (Dec. 2025)
   https://www.securityweek.com/700credit-data-breach-impacts-5-8-million-individuals/
6. TechCrunch — Nearly 5.6 million people affected by 700Credit data breach (Dec. 2025)
   https://techcrunch.com/2025/12/23/nearly-5-6-million-people-affected-by-700credit-data-breach/
7. Bloomberg Law — 700Credit Sued Over Data Breach Impacting 5.8 Million People (Dec. 29, 2025)
   https://news.bloomberglaw.com/litigation/700credit-sued-over-data-breach-impacting-5-8-million-people
8. CBT News — 700Credit’s Ken Hill on recent data breach and what dealers need to know (Dec. 4, 2025)
   https://www.cbtnews.com/700credits-ken-hill-on-recent-data-breach-and-what-dealers-need-to-know/
9. ComplyAuto — 700Credit Data Breach Incident Follow Up to December 1, 2025 ComplyAuto Alert (Dec. 4, 2025)
   https://complyauto.com/700credit-data-breach-incident-follow-up-to-december-1-2025-complyauto-alert/
10. WBTV / WIS News 10 — SCDCA: Data breach impacting over 108,000 South Carolinians (Jan. 2, 2026)
    https://www.wbtv.com/2026/01/02/scdca-data-breach-impacting-over-108000-south-carolinians/
11. National Law Review / GlobeNewswire — 700Credit Data Breach Exposes Personal Information: Murphy Law Firm Investigates Legal Claims (Dec. 15, 2025)
    https://natlawreview.com/press-releases/700credit-data-breach-exposes-personal-information-murphy-law-firm
12. ClassAction.org — 700Credit Data Breach Letter (PDF) (2025)
    https://www.classaction.org/media/700credit-data-breach-letter-2025.pdf
13. 700Credit — 700Credit Notice (Dec. 2025) 
    https://www.700credit.com/notice/
14. National Automobile Dealers Association — 700Credit to File a Consolidated Breach Notice with the FTC on Behalf of its Dealer Clients (Dec. 2, 2025)
    https://marketing.nada.org/acton/rif/4712/s-372b-2512/-/l-0b1b:65/l-0b1b/showPreparedMessage
15. Michigan Attorney General — AG Nessel Offers Tips Following Breach of 700Credit Exposes Data of 5.6 Million Consumers (Dec. 22, 2025)
    https://www.michigan.gov/ag/news/press-releases/2025/12/22/ag-nessel-offers-tips-following-breach-of-700credit-exposes-data-of-5-6-million-consumers
16. Wisconsin Department of Agriculture, Trade and Consumer Protection — 700Credit Breach Notice and Guidance (Dec. 2025)
    https://datcp.wi.gov/Pages/Programs_Services/700credit-breach.aspx
17. SecurityWeek — 700Credit Data Breach Impacts 5.8 Million Individuals (Dec. 2025)
    https://www.securityweek.com/700credit-data-breach-impacts-5-8-million-individuals/
18. TechCrunch — Nearly 5.6 million people affected by 700Credit data breach (Dec. 2025)
    https://techcrunch.com/2025/12/23/nearly-5-6-million-people-affected-by-700credit-data-breach/
19. Bloomberg Law — 700Credit Sued Over Data Breach Impacting 5.8 Million People (Dec. 29, 2025)
    https://news.bloomberglaw.com/litigation/700credit-sued-over-data-breach-impacting-5-8-million-people
20. CBT News — 700Credit’s Ken Hill on recent data breach and what dealers need to know (Dec. 4, 2025)
    https://www.cbtnews.com/700credits-ken-hill-on-recent-data-breach-and-what-dealers-need-to-know/
21. ComplyAuto — 700Credit Data Breach Incident Follow Up to December 1, 2025 ComplyAuto Alert (Dec. 4, 2025)
    https://complyauto.com/700credit-data-breach-incident-follow-up-to-december-1-2025-complyauto-alert/
22. WBTV / WIS News 10 — SCDCA: Data breach impacting over 108,000 South Carolinians (Jan. 2, 2026)
    https://www.wbtv.com/2026/01/02/scdca-data-breach-impacting-over-108000-south-carolinians/
23. National Law Review / GlobeNewswire — 700Credit Data Breach Exposes Personal Information: Murphy Law Firm Investigates Legal Claims (Dec. 15, 2025)
    https://natlawreview.com/press-releases/700credit-data-breach-exposes-personal-information-murphy-law-firm
24. ClassAction.org — 700Credit Data Breach Letter (PDF) (2025)
    https://www.classaction.org/media/700credit-data-breach-letter-2025.pdf