Overview
- Notifications are being mailed this week to people whose dealer credit applications from May through October 2025 were affected, after the breach was discovered on Oct. 25.
- The exposed data includes full names, home addresses, dates of birth and Social Security numbers for at least 5.6 million people linked to thousands of dealerships.
- 700Credit attributes the incident to unauthorized access, reports no indication of fraud to date, and is providing 12 to 24 months of free credit monitoring and identity protection.
- Industry reports say attackers leveraged a compromised integration partner and a flawed API to mass‑pull records during a two‑week “sustained velocity” attack.
- Officials, including Michigan’s attorney general, urge recipients to act on the letters and consider credit freezes, monitoring and vigilance for phishing, with a dedicated help line available for questions.