The IT Nerd

700Credit, a U.S.-based financial services and fintech company, will begin to notify more than 5.8 million people that their personal information has been exposed in a data breach incident. The data breach occurred after a threat actor breached a third-party API. 

Paul Bischoff, Consumer Privacy Advocate at Comparitech had this to say: 

“Car dealerships collect a lot of sensitive personal information when someone buys a car, especially if they finance it.  In the wrong hands, that info could easily be used to open up other lines of credit in car buyers’ names. Sign up for the free credit monitoring that 700Credit is offering and keep an eye on your credit report to be safe.

What’s notable is that 700Credit says this attack occurred through one of its partners, which had access to an API that granted access to customer info. This underlines why vendors like 700Credit can’t take security for granted even when dealing with its own customers. If one of those customers is compromised, they shouldn’t be able to access data from other client accounts as hackers did in this attack.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy adds this:

“Any individuals affected by the breach need to stay alert for any new accounts being opened up in their name. The information stolen includes four of the basic bits of information you need to open a new account. If at all possible, I would definitely take advantage of the credit monitoring and identity protection being offered to victims.”

This highlights the threat posed by supply chain attacks. Because the bad guys don’t have to pwn you directly in order for you to get pwned.

This entry was posted on December 16, 2025 at 8:55 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.