Driving the news: A recent listing on the dark web is claiming that auto credit service provider 700Credit suffered a massive data breach in late October, exposing more than eight million customer records, including: Social Security numbers, dates of birth, addresses, and employment information.
The details: According to dark web monitoring service, databreach.io, threat actors are selling the stolen data after negotiations with 700Credit allegedly broke down.
The dark web post includes a sample of 100 records showing fields consistent with consumer identity and verification data used in credit-related services.
At least one class action lawsuit has already been filed in connection with the incident, ComplyAuto reports, though there's no independent verification of the breach or confirmation from 700Credit.
For dealers using 700Credit, many of the same legal considerations from the CDK breach in 2024 apply—notice requirements, insurance carrier notifications, and contacting legal counsel. And most state and federal laws require consumer notification within 30 days.
What dealers need to know: Although 700Credit has yet to publicly confirm the breach, dealers using the servicer should contact their representative to find out if customer data was exposed, how many records were affected, which specific individuals, and their state of residency. From there, dealers will need to determine their level of responsibility under federal and state law and ensure proper notice is sent to the appropriate agencies.
Editor’s note: At the time of publishing, CDG News could not independently verify these claims of a data breach.
OUTSMART THE CAR MARKET IN 5 MINUTES A WEEK
Get insights trusted by 55,000+ car dealers. Free, fast, and built for automotive leaders.
