On the Dash:
- 700Credit’s October 2025 breach affected 5.6 million customers and 18,000 dealerships, exposing sensitive personal and financial data.
- Dealers must quickly verify customer impact, meet notification obligations, and ensure contractual and cybersecurity safeguards are in place.
- The incident underscores broader cybersecurity risks in the automotive industry, particularly involving third-party vendors and integrated systems.
Cybercriminals have targeted 700Credit, the largest provider of credit, identity, and compliance services for dealerships, breaching sensitive data of approximately 5.6 million customers and nearly 18,000 dealerships in North America. This incident occurred in late October and involved names, addresses, Social Security numbers, and employment information.
The breach, confirmed by Managing Director Ken Hill, resulted from a compromise of the 700Dealer.com website. A third-party vendor’s API connection was exploited to access the system. Upon discovery, 700Credit closed the backdoor and spent two weeks fortifying its defenses.
700Credit notified its insurance provider and engaged cybersecurity firms to investigate. A breach attorney was hired for regulatory compliance. Letters were sent to affected dealerships, and consumers will also be informed. Moreover, federal and state regulators, including the FTC, have been notified.
Affected customers will receive one to two years of free identity and credit monitoring and access to a support line. With the National Automobile Dealers Association’s (NADA) help, 700Credit secured FTC approval to notify customers on behalf of dealerships.
Hill stated that 700Credit is taking steps to improve dealer security, including implementing best practices and educating dealers on cyber threats. Dealers using 700Credit services should contact their representatives to check for data exposure and review contractual safeguards.
