If you get a letter from a company called 700Credit, don’t ignore it. Your information may have been compromised in a massive breach affecting more than 5.8 million consumers, and you should take the necessary steps to protect your data.
700Credit supplies credit and identity verification services to more than 21,000 vehicle, RV, powersport, and marine dealerships in the U.S., so if you’ve purchased a vehicle and applied for dealer financing—or even been pre-screened or pre-qualified to do so—your information could have been affected.
What happened with 700Credit?
According to the company’s filing with the Maine Attorney General, 700Credit’s systems were hacked between Oct. 25 and Oct. 27. Attackers stole personal information about customers of 700Credit’s dealership clients, including names, addresses, Social Security numbers (SSNs), and dates of birth.
As BleepingComputer reports, this breach was actually a consequence of a system compromise back in July at one of 700Credit’s 200 integration partners. Threat actors were able to gain access to an API used to pull consumer data, and a security vulnerability in the API allowed them to exfiltrate information from 700Credit.
What you need to do
If you receive a data breach notice from 700Credit, read it carefully. 700Credit is offering 12 months of credit monitoring and identity restoration services through TransUnion’s Cyberscout to affected consumers. You will need to go to the URL listed in your notice and enter your unique activation code in order to enroll, and you have 90 days from the date of the letter to complete the process.
What do you think so far?
700Credit expects to begin notifying individuals starting on Dec. 22.
In addition to utilizing the free credit protection, you should take the usual precautions to lock down your identity:
-
Freeze your credit at all three credit bureaus (Experian, Equifax, and TransUnion).
-
Place a fraud alert on your credit file. You only need to do this at one bureau, which will apply it to all three.
-
Keep an eye on your financial accounts for suspicious transactions as well as your credit report. Note that if your credit is frozen, thieves shouldn’t be able to take out new credit in your name.
-
Request an IP PIN from the IRS to prevent someone from filing a tax return using your SSN.
-
Follow good digital hygiene practices, such as using strong passwords and multi-factor authentication.
You cannot reverse a data breach, but you can (and should) do damage control.
