Nearly 20 million affected by Prosper, 700Credit data breaches

Two recent data breaches involving financial institutions exposed the sensitive personal information of millions. 

More than 13 million people had information accessed by hackers during a security incident involving San Francisco-based fintech company Prosper Marketplace. 

The company released a statement about the cyberattack last week and has sent notices to several state regulators this month about the cyberattack, which was initially discovered on September 1. 

Prosper notified law enforcement but an investigation revealed the hackers gained access to data between June and August 2025 that included personal information. The company said there was “no evidence of unauthorized access to customer accounts and funds.”

The stolen information includes names, Social Security numbers, national ID numbers, bank account numbers, financial application information, driver’s license numbers, marriage or birth certificates, passport numbers, tax information and payment card numbers. 

The company reported more than 1.1 million victims in Texas, 236,000 in South Carolina and 249,000 in Washington state. A spokesperson for Prosper confirmed that 13.1 million people in total were affected by the data breach. 

Created in 2005, Prosper built its business around peer-to-peer lending — where people can seek out personal loans from a variety of investors. Since then, more than 2 million people have borrowed $28 billion in personal loans, according to the company. It also offers home equity loans and lines of credit. 

Victims of the security incident are being given two years of identity protection services. No hacking group has taken credit for the attack as of Monday. 

700Credit incident

On Friday, car dealership service provider 700Credit warned that 5,836,521 people were affected by a data breach that occurred on October 25. 

The company provides credit reports, compliance products, identity verification and fraud detection solutions to car dealerships. 

Michigan-based 700Credit said it provided notices to victims on behalf of its dealership clients. 

The company’s IT team discovered the attack on October 25 and found the hackers made copies of information they accessed in 700Credit systems.

This information includes names, Social Security numbers, dates of birth and addresses. 

“Upon becoming aware of the event, 700Credit moved quickly to investigate and respond to the incident, assess the security of 700Credit systems, and identify potentially affected individuals,” the company said. 

“Further, 700Credit notified federal law enforcement and the Federal Trade Commission regarding the event.”

The company is offering victims one year of identity protection services. 

The announcement comes three weeks after Wall Street scrambled to recover from a cyberattack that impacted a prominent company used by major banks for real-estate loans and mortgages. 

SitusAMC said the incident was discovered on November 12 and involved data stolen from its systems that includes accounting records and legal agreements. 

The last 24 months have seen dozens of attacks targeting financial institutions likes credit unions and banks, including Patelco, Mr. Cooper, LoanDepot, Fidelity National Financial, Nations Direct Mortgage and First American.