Major Breach at 700Credit Exposes 5.6 Million Records

On December 21, 2025, 700Credit, a key provider of credit verification services, reported a significant data breach that compromised the personal information of over 5.6 million individuals. The breach was attributed to a flaw in an API connection, which allowed unauthorized access to sensitive data, including Social Security numbers and bank account details. This incident has particularly impacted numerous auto dealerships that rely on 700Credit's services. Organizations are urged to assess their data protection strategies and ensure compliance with cybersecurity regulations to prevent similar breaches in the future. Source.

Also In Security Today

Cisco Zero-Day Vulnerability: Cisco disclosed a critical zero-day vulnerability (CVE-2025-20393) affecting its IOS XE software. This flaw, exploited by advanced persistent threat actors, allows remote code execution on enterprise routers. Urgent patching is advised. Source.

Marquis Data Breach: A cyberattack on financial vendor Marquis exposed personal information of over 400,000 customers due to an unpatched firewall vulnerability. This breach significantly impacts multiple banks and credit unions. Source.

Emerging Threats from Iranian APT: The Iranian APT group "Infy" has resurfaced, targeting various countries with updated malware for cyber espionage. Their tactics include advanced phishing strategies. Source.

Mixpanel Data Breach: The Mixpanel data breach has compromised millions of user records across multiple platforms, including Pornhub and SoundCloud. Investigations are underway regarding the breach's broader implications. Source.

Analyst's Take

Today's events underscore the critical vulnerabilities many organizations face, particularly with third-party vendors like 700Credit and Marquis. The exploitation of known vulnerabilities highlights the imperative for timely patching and robust security practices. Security professionals must prioritize vulnerability assessments and implement multi-layered defenses to mitigate risks from both emerging threats and known exploits. The resurgence of state-sponsored actors like the Iranian APT group further emphasizes the need for enhanced threat intelligence and proactive security measures.