Cyber Criminals Breach 700Credit Systems, Exposing Data of 5.8 Million

Michigan-based 700Credit reported that in October, cyber criminals infiltrated its internal systems, compromising and gaining access to the personal information of more than 5.8 million individuals.

 

700Credit is a Michigan-based financial technology company that provides credit reporting, identity verification, fraud prevention, and compliance solutions for auto, RV, powersports, and marine dealerships.

 

In a data security incident notice filed with the Office of Maine Attorney General, 700Credit said that on  October 25, it identified unauthorised access within its web application. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected systems including taking them offline and notified relevant law enforcement authorities about the same.

 

“The investigation determined that certain records in the web application relating to customers of our dealership clients were copied without authorisation,” 700Credit said.

 

The compromised data included names, addresses, dates of birth, and Social Security numbers. The filing with the Maine state regulator also states that 700Credit has identified at least 5,836,521 individuals impacted by the incident. 

 

“This investigation and response included confirming the security of our network environment, which was not impacted by this incident, reviewing the content of relevant records for sensitive information, and notifying potentially impacted individuals. As part of our ongoing commitment to the privacy of information in our care, we are reviewing our policies, procedures and processes related to the storage and access of personal information to reduce the likelihood of a similar future event,” 700Credit added.

 

The fintech company has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through Transunion to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on 700Credit. The fintech giant also did not share details on who was behind the attack, how much data was compromised, or whether it had received a ransom demand.