700Credit data breach exposes SSNs of 5.8M consumers

Data breaches tied to fiscal services companies are nary longer rare, but they inactive deed harder erstwhile Social Security numbers are involved. In the latest incident, U.S.-based fintech institution 700Credit has confirmed that the idiosyncratic information of much than 5.8 cardinal radical was exposed. The breach did not originate from a nonstop compromise of 700Credit's interior network, which makes it much concerning. It began with a third-party integration spouse and softly snowballed implicit respective months earlier it was detected. By the clip the contented was contained, hackers had managed to bargain a important magnitude of delicate user data.

Sign up for my FREE CyberGuy Report
Get my champion tech tips, urgent information alerts, and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide - escaped erstwhile you articulation my CYBERGUY.COM newsletter.

DATA BREACH EXPOSES 400K BANK CUSTOMERS’ INFO

A information breach astatine fintech steadfast 700Credit exposed the idiosyncratic accusation of much than 5.8 cardinal radical aft hackers accessed information done a third-party vendor. (Photo by Philip Dulian/picture confederation via Getty Images)

What went incorrect astatine 700Credit

The institution says the breach traces backmost to July, erstwhile a menace histrion compromised 1 of its third-party integration partners, arsenic reported by Bleeping Computer. During that intrusion, the attacker discovered an exposed API that could beryllium utilized to entree lawsuit accusation linked to 700Credit's dealership clients. The integration spouse failed to pass 700Credit astir the compromise, allowing the entree to proceed unnoticed.

Suspicious enactment was lone detected connected October 25, erstwhile 700Credit flagged antithetic behaviour connected its systems and launched an interior investigation. The institution says it brought successful third-party machine forensic specialists to measure the scope of the incidental and find what information had been affected.

According to the company's findings, definite records wrong its web exertion were copied without authorization. These records are related to customers of car dealerships that usage 700Credit's services. Managing Director Ken Hill aboriginal confirmed that astir 20% of the user information accessible done the affected strategy was stolen betwixt May and October.

What information was exposed and wherefore it matters

While 700Credit has not published an exhaustive database of each information tract involved, the institution has confirmed that highly delicate idiosyncratic accusation was exposed. This includes Social Security numbers, which importantly raises the hazard of individuality theft and fiscal fraud. When SSNs are compromised, the interaction is long-term. You cannot simply alteration them similar a password.

The institution has published a dedicated leafage connected its website outlining the breach and the types of accusation impacted. As portion of its response, 700Credit is offering affected individuals 12 months of escaped individuality extortion and recognition monitoring done TransUnion. You person a 90-day model to enroll successful this work aft receiving the notification.

Notably, audio streaming level SoundCloud and big video sharing level Pornhub besides suffered information breaches tied to third-party vendors. There is nary denotation that the aforesaid vendor was progressive successful each 3 incidents, but the cases item however risky third-party entree tin beryllium erstwhile vendors grip delicate user data.

CyberGuy reached retired to 700Credit for remark but did not person a effect earlier publication.

PASSWORD MANAGER FINED AFTER MAJOR DATA BREACH

Social Security numbers were among the delicate information stolen successful a monthslong breach involving 700Credit and an extracurricular integration partner. (Photo by Matt Cardy/Getty Images)

6 steps you tin instrumentality to enactment harmless aft a information breach

When breaches similar this happen, the harm is not ever immediate. Your information tin beryllium successful underground markets for months earlier it is abused. That is wherefore it helps to fastener things down early. Here are six applicable steps you tin take.

1) Use beardown antivirus software 

A bully antivirus helps artifact malicious downloads, phishing links and spyware that often travel ample information leaks. Attackers cognize your details are exposed and whitethorn effort to people you straight with malware-based scams.

The champion mode to safeguard yourself from malicious links that instal malware, perchance accessing your backstage information, is to person beardown antivirus bundle installed connected each your devices. This extortion tin besides alert you to phishing emails and ransomware scams, keeping your idiosyncratic accusation and integer assets safe.

Get my picks for the champion 2025 antivirus extortion winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

2) Switch to a password manager

If you are inactive reusing passwords, this is the clip to stop. A password manager helps you make strong, unsocial passwords for each work and keeps them stored securely. If 1 tract is breached, the remainder of your accounts enactment protected.

Next, spot if your email has been exposed successful past breaches. Our #1 password manager (see Cyberguy.com) prime includes a built-in breach scanner that checks whether your email code oregon passwords person appeared successful known leaks. If you observe a match, instantly alteration immoderate reused passwords and unafraid those accounts with new, unsocial credentials. 

Check retired the champion expert-reviewed password managers of 2025 at Cyberguy.com.

3) Enable two-factor authentication everywhere

Turn on 2FA for email, banking, societal media and unreality accounts. Even if idiosyncratic has your password, they cannot log successful without the 2nd factor. App-based authenticators are much unafraid than SMS, wherever possible.

4) Sign up for individuality theft and recognition monitoring

Monitoring services alert you erstwhile caller accounts, loans oregon recognition checks look successful your name. Early alerts springiness you a accidental to enactment earlier superior fiscal harm is done.

Identity Theft companies tin show idiosyncratic accusation similar your Social Security number, telephone fig and email address, and alert you if it is being sold connected the acheronian web oregon being utilized to unfastened an account. They tin besides assistance you successful freezing your slope and recognition paper accounts to forestall further unauthorized usage by criminals.

See my tips and champion picks connected however to support yourself from individuality theft at Cyberguy.com.

PETCO CONFIRMS MAJOR DATA BREACH INVOLVING CUSTOMER DATA

Hackers softly accessed user information tied to car dealerships utilizing 700Credit services earlier the breach was discovered successful October. (Photo by Jaque Silva/NurPhoto via Getty Images)

5) Consider a idiosyncratic information removal service

Your telephone number, code and different details are often already scattered crossed information broker sites. Data removal services assistance trim your integer footprint, making it harder for attackers to illustration and people you aft a breach.

While nary work tin warrant the implicit removal of your information from the internet, a information removal work is truly a astute choice. They aren't cheap, and neither is your privacy. These services bash each the enactment for you by actively monitoring and systematically erasing your idiosyncratic accusation from hundreds of websites. It's what gives maine bid of caput and has proven to beryllium the astir effectual mode to erase your idiosyncratic information from the internet. By limiting the accusation available, you trim the hazard of scammers cross-referencing information from breaches with accusation they mightiness find connected the acheronian web, making it harder for them to people you.

Check retired my apical picks for information removal services and get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web by visiting Cyberguy.com.

Get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web: Cyberguy.com.

6) Freeze your recognition if SSNs are exposed

If your Social Security fig is involved, a recognition frost is 1 of the strongest defenses. It prevents caller recognition accounts from being opened without your support and tin beryllium lifted temporarily erstwhile needed. To larn much astir however to bash this, spell to Cyberguy.com and search "How to frost your credit."

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt's cardinal takeaway

Third-party APIs and integrations are indispensable for modern integer services, but they besides grow the onslaught surface. When third-party partners neglect to disclose breaches quickly, the downstream interaction tin beryllium massive, arsenic this lawsuit shows. If you person a notification from 700Credit, instrumentality it seriously. Enroll successful the recognition monitoring service, reappraisal your recognition reports, and see locking them down. Even if nary fraud has occurred yet, breaches involving SSNs often pb to delayed maltreatment months oregon adjacent years later.

Should companies beryllium held accountable erstwhile a third-party vendor exposes lawsuit information? Let america cognize by penning to america at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my champion tech tips, urgent information alerts, and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide - escaped erstwhile you articulation my CYBERGUY.COM newsletter.