700Credit, a credit check and compliance provider, suffered a significant data breach in late October, affecting nearly 18,000 dealerships and more than 5.6 million customers. On today’s episode of Inside Automotive, 700Credit Managing Director Ken Hill discusses what happened and how the company is responding.
700Credit communicates with over 200 integration partners through APIs. One of those partners was compromised in July, but the company did not notify 700Credit. Hackers took over that partner’s system and gained access to communications logs, which exposed an API used to pull consumer information. The breach revealed a vulnerability in 700Credit’s validation process.
On Oct. 25, hackers launched a sustained velocity attack that continued for more than two weeks. Although 700Credit shut down the exposed API, attackers still managed to obtain about 20% of consumer data from May to October 2025. The attack did not penetrate 700Credit’s internal systems, which remained operational throughout the incident.
"I wanted to be able to tell our customers that we've done everything we could."
Hill urges dealership groups of all sizes, particularly those with limited cybersecurity budgets, to prioritize education and adopt best practices to reduce the risk of becoming targets.
700Credit, in partnership with the National Automobile Dealers Association (NADA), coordinated with the Federal Trade Commission (FTC) to file a consolidated breach notice on behalf of all affected dealerships. The company also reported the incident to the FBI on behalf of the dealers.
The company is currently notifying state agencies and impacted consumers. All affected consumers will receive one to two years of free credit monitoring, a free credit report and access to a dedicated support line.
The company has increased its cybersecurity insurance, strengthened API inspections and is moving toward a more secure system backbone with enhanced protections.
