Last week, 700Credit, LLC announced a significant data breach involving unauthorized access to personally identifiable information (PII) from auto financing applications processed between May and October 2025. While 700Credit has confirmed that there is currently no evidence of identity theft, fraud, or other misuse of the compromised information, the incident triggers important notification requirements under both the Federal Trade Commission’s Safeguards Rule and New Hampshire’s Data Breach Notification Law (RSA 359-C:19–21).
Under the FTC Safeguards Rule, financial institutions, including automobile dealerships, must report breaches affecting 500 or more consumers within 30 days. Similarly, New Hampshire law requires businesses that own or license computerized data containing personal information of state residents to:
700Credit has confirmed that it will manage all required notifications. This includes submitting a consolidated filing to the FTC (which the FTC has agreed to accept), notifying all impacted individuals directly, offering free credit monitoring and identity protection services, and informing the New Hampshire Attorney General’s Office and other state agencies on behalf of dealers.
For dealerships with New Hampshire customers, no further action is required regarding consumer or regulatory notifications. However, if your stores or customers are located in other states, we recommend consulting with legal counsel to confirm your obligations under applicable state laws.
Author: Hilary Holmes Rheaume