A cybersecurity incident at 700Credit LLC, a provider of credit checks and identity verification services for auto dealerships, compromised the personal information of approximately 5.6 million individuals, the company has confirmed.
The breach, involved unauthorized access to data collected from dealerships between May and October 2025. Affected information includes names, addresses, dates of birth and Social Security numbers.
In a statement posted on 700Credit website, the Michigan-based company attributed the incident to an unidentified bad actor. 700Credit is notifying affected individuals by mail starting the week of Dec. 15 and offering free credit monitoring services.
Michigan Attorney General Dana Nessel urged residents to take the notifications seriously.
“If you get a letter from 700Credit, don’t ignore it,” Nessel said in a statement. “It is important that anyone affected by this data breach takes steps as soon as possible to protect their information. A credit freeze or monitoring services can go a long way in preventing fraud, and I encourage Michiganders to use the tools available to keep their identity safe.”
The breach impacted more than 160,000 Michigan residents, according to Nessel’s office, out of nearly 6 million nationwide.
700Credit serves thousands of auto dealerships across the U.S., processing sensitive data during vehicle financing applications. The company has engaged cybersecurity experts to investigate and has notified federal regulators.
Hackers Steal 460 GB of Sensitive Student Data from Columbia University
Large-scale data breaches involving financial and identity verification services have become increasingly common over the past decade, exposing millions of consumers to fraud and identity theft. One of the most notable incidents was the Equifax breach in 2017, where sensitive information—including Social Security numbers—of approximately 147 million Americans was compromised. The incident highlighted systemic vulnerabilities in credit reporting systems and led to widespread regulatory scrutiny.
Similarly, in 2019, Capital One disclosed a breach affecting more than 100 million customers due to a misconfigured cloud server, underscoring risks tied to third-party infrastructure and cloud security. In another case, Experian and other credit bureaus have faced repeated scrutiny over data handling practices, reinforcing concerns about centralized repositories of sensitive personal data.
More recently, the T-Mobile incidents exposed tens of millions of records across multiple attacks, demonstrating how persistent and evolving cyber threats continue to target large datasets.
These breaches share common patterns: unauthorized access by external actors, delayed detection, and the exposure of critical identifiers such as Social Security numbers and birth dates. Experts have repeatedly warned that companies handling financial and identity data remain prime targets, making robust cybersecurity measures and rapid incident response essential to mitigate long-term risks for affected individuals.
