Internal documents and insider communications obtained by CDG News reveal that 700Credit, one of the auto industry's largest credit reporting and identity verification providers, experienced a data breach on or around October 25, 2025.
Driving the news: Consumer names, addresses, and Social Security numbers from auto financing applications submitted between May and October 2025 were compromised, according to a letter sent to its dealer partners.
For context: 700Credit discovered the breach after being "alerted to suspicious activity within our proprietary web-based application 700Dealer.com."
The company then brought in third-party forensic specialists to investigate, and determined that customer data had been copied from the application without authorization.
700Credit elaborated that its internal network remains unaffected.
How we got here: Dark web monitoring service databreach.io first flagged the breach in mid-November after spotting threat actors trying to sell stolen data online.
The listing claimed the database contained over 8 million records and that negotiations between attackers and the company had broken down.
Although managing director, Ken Hill, told Automotive News that only 5.6 million records were impacted.
Zooming out: A class action lawsuit has already landed. Patricia Young v. 700 Credit, LLC was filed November 24 in U.S. District Court for the Eastern District of Michigan, alleging “negligent security practices” led to the breach.
Why it matters: This incident could be one the biggest breaches of the year as third-party vendors become prime “attack vectors” for criminals looking to access sensitive consumer data at scale.
And while the full scope of what was compromised still isn't clear, breaches involving credit infrastructure tend to have long tails.
The 2017 Equifax breach, which exposed Social Security numbers and personal information for over 140 million Americans, remains the starkest example of how damaging these incidents can be when they hit the credit-reporting pipeline.
OUTSMART THE CAR MARKET IN 5 MINUTES A WEEK
Get insights trusted by 55,000+ car dealers. Free, fast, and built for automotive leaders.
Between the lines: Even if 700Credit handles consumer notifications directly, that may not cover all of a dealer's legal obligations. Under most state and federal frameworks, dealers remain (somewhat) responsible for breaches involving their customer data, even when the incident happens at a vendor.
What's next: 700Credit is offering 12-24 months of free credit monitoring, depending on state requirements, and the company is also advising dealers to consult legal counsel about their own notification obligations.
Editor’s note: CDG News requested comment from 700Credit and will update this story if we receive a response.
A quick word from our partner
Stop the Fixed Ops Revenue Leak.
Missed calls and manual follow-up kill retention. Impel’s Service AI with Voice AI fixes this by automating personalized outreach based on driving behavior, capturing every missed call, and booking appointments instantly via text and email.
Keep advisors focused on the lane while customers get faster answers and your bays stay full. One platform. Zero missed opportunities.
