700Credit Breach Exposes Data of 5.6 Million Individuals
On December 17, 2025, the cybersecurity community was rocked by the breach of 700Credit, a Michigan-based credit verification provider. This incident compromised sensitive data of approximately 5.6 million individuals due to a flawed API in a partner's software integration. The breach, which occurred between May and October 2025, exposed critical information such as names, addresses, birth dates, and Social Security numbers. In response, 700Credit is offering a year of credit monitoring to affected individuals and has reported the incident to the FBI and FTC. This breach not only highlights vulnerabilities in API integrations but also underscores the need for rigorous security protocols in third-party partnerships. Organizations must prioritize security assessments to safeguard sensitive data and prevent similar occurrences in the future. Read more.
Also In Security Today
- BRICKSTORM Malware Campaign: A joint advisory from CISA and NSA warns of a sophisticated malware campaign leveraging BRICKSTORM, attributed to state-sponsored Chinese actors. Targeting VMware vSphere and Windows environments, organizations are urged to strengthen network security measures to mitigate risks. Learn more.
- React2Shell Vulnerability: The React2Shell vulnerability scores a perfect 10.0 on the CVSS scale, enabling unauthenticated remote code execution across several React versions. Developers must act quickly to deploy patches and reassess application security. Find out more.
- CyberVolk Ransomware Bug: Researchers uncovered a significant bug in the VolkLocker ransomware, allowing victims to decrypt files without ransom payment. This discovery raises questions about the quality control of ransomware deployments. Read the details.