700CREDIT Date Breach
700Credit reports that attackers accessed its 700Dealer.com web application on October 25 and copied consumer names, addresses, and Social Security numbers. The affected data relates to consumer activity between May 2025 and October 2025. 700Credit states that its internal network remained secure and that it notified impacted dealerships on November 21.
Nearly 18,000 dealerships and approximately 5.6 million consumers were included in the compromised data set, according to 700Credit.
FTC Safeguards Rule Requirements
The FTC Safeguards Rule requires financial institutions (including dealers) to provide an online notice to the FTC when there has been an unauthorized acquisition of unencrypted information involving over 500 customers. Because of the lack of information available to dealers to determine whether a notice must be provided to the FTC, and what information must be included in its data fields, NADA – in coordination with 700Credit counsel – requested that the FTC permit 700Credit to file a consolidated notice on behalf of all of its affected dealer clients. The FTC approved NADA’s proposal. This relieves dealers of this notification requirement unless they choose to opt out and determine their FTC filing obligations on their own.
Minnesota’s breach-notification statute does not apply to dealerships that provide financing because they qualify as financial institutions and are therefore exempt.
The Safeguards Rule also requires dealerships to maintain a written information security program that includes a documented incident response plan. You should review your incident response plan and take any appropriate actions in light of the 700Credit incident. You should also consider contacting your cybersecurity insurance provider to determine whether your policy requires any additional steps.
For additional information and guidance, click here to access an article published by ComplyAuto.
This alert is for general informational purposes only and does not constitute legal advice. You should consult your attorney regarding how these requirements apply to your dealership’s specific circumstances.
