Massive data breach sees credit card details of over 5.6 million victims leaked - here's what we know

News
By published

700Credit has data stolen through a third-party API integration

Caution sign data unlocking hackers. Malicious software, virus and cybercrime, System warning hacked alert, cyberattack on online network, data breach, risk of website
(Image credit: sarayut Thaneerat/ via Getty Images)
  • 700Credit lost sensitive data on 5.6 million people after a third‑party API was compromised
  • Attackers siphoned ~20% of consumer records over two weeks, including names, addresses, DOBs, and SSNs
  • Victims are being notified and offered two years of credit monitoring as regulators and the FBI investigate

Credit check giant 700Credit has suffered a data breach which saw it lose sensitive data on more than 5.6 million people.

In a statement shared with the media, partners, and affected individuals, 700Credit said that in late October 2025, it suffered a third-party supply-chain attack.

The company communicates with more than 200 integration partners through APIs, and when one of the partners was compromised in July, they failed to notify 700Credit - and as a result, unnamed cybercriminals broke into that third-party’s system, and exposed an API used to pull consumer information.

A warning to customers

The “sustained velocity” attack started on October 25, 2025 and took more than two weeks, 700Credit explained.

The company managed to shut down the exposed API, but the attackers still managed to obtain roughly 20% of consumer data, which includes people’s names, addresses, dates of birth, and Social Security numbers.

While 700Credit’s internal systems, as well as login and payment information, were not compromised, the threat actors still managed to get enough data to launch highly convincing phishing attacks.

Therefore, customers and clients are urged to be wary of incoming communications, especially those claiming to come from the credit check company.

“If you get a letter from 700Credit, don’t ignore it,” said Michigan attorney general Dana Nessel. “It is important that anyone affected by this data breach takes steps as soon as possible to protect their information. A credit freeze or monitoring services can go a long way in preventing fraud, and I encourage Michiganders to use the tools available to keep their identity safe.”

The company also partnered up with the National Automobile Dealers Association (NADA), to coordinate with the Federal Trade Commission (FTC) to file a consolidated breach notice on behalf of all affected dealerships. The attack was also reported to the FBI.

Affected customers are being notified right now and will be offered two years of free credit monitoring, a free credit report, and access to a dedicated support line.

Via CBT News

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.