Data breaches in the financial services sector are increasingly common and, unfortunately, quite costly—especially when they involve Social Security numbers. Recently, the fintech company 700 Credit acknowledged that personal data of over 5.8 million individuals had been compromised. The alarming part is that this breach didn’t originate from 700 Credit’s internal systems but instead stemmed from a third-party integration partner. It took months for the issue to come to light, and by the time it was contained, hackers had already accessed substantial amounts of sensitive consumer data.
What happened with 700 Credit?
The breach reportedly began back in July, when Bleeping Computer revealed that hackers had broken into one of 700 Credit’s third-party partners. This breach exposed an API that granted access to customer data tied to 700 Credit’s merchant clients. Shockingly, the integration partner failed to notify 700 Credit, allowing the attackers to operate undetected.
Things began to look suspicious on October 25, prompting 700 Credit to investigate unusual activity within its systems. They later enlisted external forensic experts to evaluate the situation and identify the affected data. Findings suggested that certain records related to customers from car dealerships using 700 Credit’s services were copied without authorization. According to Managing Director Ken Hill, about 20% of the consumer data accessible through these systems was stolen between May and October.
What’s at stake with the leaked data?
While 700 Credit hasn’t detailed every type of data involved, reports confirm that highly sensitive information—including social security numbers—was compromised. This significantly raises the risk of identity theft and financial fraud. Unlike a password, once an SSN is out there, it’s nearly impossible to change.
The company has created a dedicated webpage with more information about the data breach and types of affected information. Additionally, they are offering affected individuals one year of free identity protection and credit monitoring via TransUnion, which must be registered for within 90 days of notification.
Interestingly, other platforms like SoundCloud and Pornhub have also experienced data breaches linked to third-party vendors. Even though there’s no evidence tying the same vendor to these different cases, it underscores the risks that come with third-party data access when it involves sensitive consumer information.
Steps to enhance your safety after a data breach
When a breach happens, the fallout isn’t always immediate. Sometimes the data can linger on the dark web for months, waiting to be exploited. Here are some practical steps you might consider:
1) Utilize strong antivirus software
A robust antivirus program can help fend off malicious downloads and phishing attacks related to data breaches. Given that attackers are often on the lookout for easy targets, having good antivirus protection can make a real difference.
2) Transition to a password manager
If you’re still using the same passwords across different sites, it might be time to rethink that. A password manager not only helps you create unique passwords but also secures them. In case one of your accounts is compromised, others remain safe.
3) Enable two-factor authentication everywhere
Turning on 2FA for all your accounts adds an extra layer of security. Even if someone acquires your password, they can’t easily access your accounts without that second factor.
4) Enroll in identity theft and credit monitoring
These services can alert you to any new accounts or loans opened in your name, giving you a chance to respond before any real harm is done. They can keep tabs on your SSN, phone number, and email, notifying you if they’re being misused.
5) Consider services for data deletion
Your personal information is likely scattered online, making it easy for scammers to exploit it. Data deletion services work to minimize your digital footprint by removing your details from various data broker sites. While there’s no foolproof solution, they can enhance your safety.
6) Freeze your credit if your SSN is compromised
A credit freeze can serve as a strong defense against new credit accounts being opened in your name. This puts a halt to any attempts to create new accounts without your permission.
Key takeaways
The incidents involving third-party APIs and integrations show how vital it is to address security vulnerabilities. If you receive any notification from 700 Credit, treat it seriously. Signing up for a credit monitoring service, scrutinizing your credit report, and potentially freezing your credit can help safeguard your financial well-being. Even if there’s no immediate fallout, breaches involving Social Security numbers can lead to problems long afterward.
Should companies be held accountable when a third-party vendor compromises customer data? Feel free to share your thoughts.
