A massive breach at the credit reporting firm 700Credit has led to the leakage of private details of over 5.6 million people, throwing a new set of concerns on the risk of third-party security in the financial services value chain. The firm has admitted that the breach was a result of a supply chain attack on one of its third-party integration partners and did not originate from an internal breach.
According to the revelations made, this breach has its roots going back to late October 2025, when 700Credit noticed some unusual traffic associated with an exposed API. The firm has more than 200 integration partners who are connected to consumers’ data through APIs. It has been found that one of these partners was compromised as early as July 2025, but this notification was not made to 700Credit, thus leaving an opportunity for hackers to gain unlawful access to an API used for fetching consumers’ credit details from this API connected environment.
700Credit called this attack a “sustained velocity attack” that began October 25 and continued for over two weeks before being completely contained. Although the company was able to disable their vulnerable API once aware of the attack, attackers had already harvested a large chunk of customer information by exploiting this security hole. The attack is estimated to have compromised 20 percent of available information that was accessed through this vulnerability.
The compromised information
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: