Two cybersecurity breaches at financial services companies have compromised the personal data of millions of Americans, raising alarms about vulnerabilities in the sector.
San Francisco-based Prosper Marketplace revealed last week that hackers accessed the personal identifying information of 13.1 million individuals. The company detected unauthorized activity on its systems on September 1, with the intrusion occurring between June and August.
Prosper stated in its notice: “On September 1, 2025, Prosper discovered unauthorized activity on our systems. We acted quickly to stop the activity and enhance our security measures, and we began working with a leading cybersecurity firm to investigate what happened.”
Although no customer accounts or funds were breached, the stolen data encompassed names, Social Security numbers, national identification numbers, birth dates, bank account details, Prosper account numbers, financial application information, driver’s license numbers, passports, tax records, and payment card numbers.
State regulatory reports indicate over 1.1 million affected in Texas, 236,000 in South Carolina, and 249,000 in Washington. The firm, established in 2005, operates a peer-to-peer lending platform serving more than 2 million borrowers who have obtained over $28 billion in personal loans, alongside home equity products and credit cards, Cyber Express reported.
Prosper is contacting those impacted, providing two years of credit monitoring and identity restoration via Experian, and has informed law enforcement while bolstering its defenses.
Separately, Michigan’s 700Credit reported Friday that a breach, detected on October 25, exposed data of 5,836,521 people, with the data theft spanning from May to October.
The company, which supplies credit reports, identity checks, fraud prevention, and compliance tools to about 18,000 auto, RV, powersports, and marine dealerships nationwide, saw names, Social Security numbers, birth dates, and addresses compromised.
In its notification, 700Credit said: “700Credit regrets to inform you that our industry was attacked again by a bad actor who had unauthorized access to some of our personally identifiable information (PII), including name, address, and social security number,” Security Affairs reported.
It added: “The investigation is ongoing and most importantly there is no indication of any identity theft, fraud, or other misuse of information in relation to this event.”
The intrusion was confined to the application layer, sparing internal networks and operations. 700Credit is handling notifications to affected consumers, offering credit monitoring, and has reported the matter to the FBI and the FTC. It secured FTC approval for a unified breach filing covering all dealers, eliminating their need for individual submissions, though state obligations persist.
The notice continued, per Security Affairs: “We pledge to take extraordinary steps necessary to assist consumers and notify required parties on behalf of dealers. We timely notified the FBI and the FTC and confirmed with the FTC that 700Credit’s filing on behalf of all dealers is sufficient to meet dealer obligations to notify the FTC.”
“In addition, we will be notifying State AG offices on behalf of dealers. Impacted consumers will also be notified and offered credit monitoring services and assistance they may need. 700Credit has also been working directly with NADA [National Automobile Dealers Association].”
Michigan Attorney General Dana Nessel highlighted the incident’s reach, noting over 160,000 residents affected, and urged action: “If you get a letter from 700Credit, don’t ignore it. It is important that anyone affected by this data breach takes steps as soon as possible to protect their information,” Security Affairs reported.
Nessel added: “A credit freeze or monitoring services can go a long way in preventing fraud, and I encourage Michiganders to use the tools available to keep their identity safe.”
Both firms advise monitoring credit reports, watching for suspicious activity, enabling multifactor authentication, strengthening passwords, and being cautious of phishing attempts. Consumers can access free weekly credit reports from major bureaus.
No group has claimed responsibility for the Prosper or 700Credit breaches, but experts warn of heightened risks of identity theft and fraud in the financial industry.