Millions Affected by Massive Credit Report Data Breach

700Credit, one of the largest credit report and identity services providers for the automotive industry in North America, has suffered a wide-ranging data breach, with more than 5.8 million individuals thought to have been affected. The incident was identified on October 25, and was linked to a compromised third-party API on the company’s web application.

Reportedly, hackers seized information collected from automotive dealers between May and October 2025, including names, addresses, dates of birth, and Social Security numbers.

Data breaches continue to plague companies across the business sector, with 700Credit the latest in a long line of hacks this year that has affected companies of all sizes, including Google, Microsoft, McDonalds, Adidas, Coca-Cola and more.

5.8 Million Affected by 700Credit Data Breach

Credit report and identity verification services provider, 700Credit, has suffered a massive data breach, with more than 5.8 million people reported to have been affected. The hackers gained access in July 2025, and were able to access customer information from automotive dealers up until October 2025, at which point they were shut down.

According to 700Credit, the attackers were able to gain access through a compromised third-party API, which allowed them to access the sensitive data in question. This is thought to include names, addresses, dates of birth, and Social Security numbers. The company is currently in the process of contacting affected customers.

700Credit is the largest provider of credit checks, identity verification, fraud detection, and compliance services for the automotive, marine, powersports, and RV dealers in North America. It has approximately 18,000 dealerships in its customer base.

No Evidence of Information Misuse At This Time, Company Confirms

At the time of writing, 700Credit confirms that there is no current indication of identify theft, fraud, or any other kind of information misuse. What’s more, the breach is limited to the 700Dealer.com application layer, meaning that the company’s internal network is unaffected, and thus there is no impact on 700Credit’s ability to carry out operations.

In a statement, the company said: “The investigation determined that certain records in the web application relating to customers of its dealership clients were copied without authorization.”

However, the company and its clients may not be out of the woods yet. If the breach is the result of a ransomware attack, demands may still be issued at some point in the near-future. As recent history shows us, ransomware demands can often prove highly damaging for companies, with serious financial and reputational repercussions.

Business Sector Woefully Underprepare for Current Threat Landscape

The 700Credit news is yet another reminder on the importance of adequately safeguarding customer information in the face of a tidal wave of security breaches. Recently, it was reported that 88% of cybersecurity professionals had experienced at least one “significant impact” due to an ongoing shortage of talent on the job market.

In response, a lot of businesses are putting their trust in AI tools and systems to combat the rising tide. Undoubtedly, the technology has a role to play, but it is vital that companies make sure that it is deployed correctly, and that they don’t desert their basic cybersecurity duties.

According to our own research, a staggering 98% of senior leaders are unable to identify all the signs of a phishing attack, illustrating that a talent shortage isn’t the only problem that the sector is experiencing. Companies need to do more to upskill their existing employees right across the business — or this problem will only continue to get worse.