**Millions Impacted in Two Major Financial Sector Data Breaches**
Two recent cybersecurity incidents at financial services providers have exposed the personal and financial data of nearly 19 million individuals, underscoring persistent vulnerabilities in the fintech and credit reporting sectors.
Prosper Marketplace Breach Affects 13.1 Million
San Francisco-based Prosper Marketplace, a peer-to-peer lending platform, confirmed on September 1, 2025, that unauthorized activity was detected on its systems. An investigation revealed attackers accessed sensitive data between June and August 2025, compromising records for 13.1 million individuals.
Exposed information includes:
- Names, Social Security numbers, and national ID numbers
- Dates of birth, bank account details, and Prosper account numbers
- Driver’s license numbers, passport data, tax information, and payment card numbers
While Prosper stated there was no evidence of unauthorized access to customer funds, the breach has prompted notifications to affected individuals, along with two years of credit monitoring and identity restoration services via Experian. Law enforcement was notified, and additional security measures have been implemented.
The breach disproportionately impacted certain states, with 1.1 million affected in Texas, 236,000 in South Carolina, and 249,000 in Washington.
700Credit Data Exposure Impacts 5.8 Million
Michigan-based 700Credit, which provides credit reports and fraud detection services to U.S. car dealerships, disclosed a separate incident on October 25, 2025, after detecting unauthorized access to its systems. Attackers copied data belonging to 5,836,521 individuals, including:
- Names, Social Security numbers, and dates of birth
- Physical addresses
700Credit will file a consolidated breach notice with the FTC on behalf of affected dealerships, following agency approval. The company has also notified the FBI and will coordinate with state attorneys general. While dealers are relieved of FTC reporting obligations, they remain responsible for state-level breach notifications.
Financial Sector Under Growing Threat
These incidents follow a November 2025 cyberattack on SitusAMC, a mortgage servicing provider, further highlighting the financial sector’s appeal to cybercriminals. No threat actors have claimed responsibility for the Prosper or 700Credit breaches, but the scale of exposure raises concerns about identity theft and financial fraud.
Both companies have advised affected individuals to monitor their credit reports for suspicious activity.
Source: https://thecyberexpress.com/cybersecurity-incidents-prosper-700credit/
Prosper Marketplace cybersecurity rating report: https://www.rankiteo.com/company/prosper-marketplace
"id": "PRO1765994381",
"linkid": "prosper-marketplace",
"type": "Breach",
"date": "12/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '13,100,000',
'industry': 'Financial Services',
'location': 'San Francisco, California, USA',
'name': 'Prosper Marketplace',
'size': 'Large',
'type': 'Fintech Company'},
{'customers_affected': '5,836,521',
'industry': 'Financial Services',
'location': 'Michigan, USA',
'name': '700Credit',
'size': 'Large',
'type': 'Credit Reporting and Compliance Solutions '
'Provider'}],
'customer_advisories': 'Affected individuals urged to remain vigilant, '
'monitor credit reports, and report suspicious '
'activity.',
'data_breach': {'data_exfiltration': 'Yes (attackers made copies of data in '
'700Credit incident)',
'number_of_records_exposed': ['13,100,000 (Prosper)',
'5,836,521 (700Credit)'],
'personally_identifiable_information': 'Names, Social '
'Security numbers, '
'dates of birth, '
'physical addresses, '
'driver’s license '
'numbers, passports, '
'tax information, bank '
'account numbers, '
'payment card numbers',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Financial Data']},
'date_detected': ['2025-09-01', '2025-10-25'],
'date_publicly_disclosed': ['2025-11-01', '2025-11-01'],
'description': 'Two recent cybersecurity incidents involving financial '
'services providers have exposed the personal information of '
'millions of individuals. Prosper Marketplace confirmed '
'unauthorized activity affecting 13.1 million people, while '
'700Credit reported a data exposure impacting over 5.8 million '
'individuals.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': 'Sensitive personal and financial data, '
'including names, Social Security numbers, '
'national ID numbers, dates of birth, bank '
'account numbers, Prosper account numbers, '
'financial application details, driver’s '
'license numbers, passports, tax information, '
'and payment card numbers (Prosper); names, '
'Social Security numbers, dates of birth, and '
'physical addresses (700Credit)',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential regulatory fines and legal actions',
'payment_information_risk': 'High (Prosper)'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Financial services providers and fintech companies are '
'increasingly targeted for the volume and sensitivity of '
'data they hold. Enhanced monitoring and rapid incident '
'response are critical to mitigating risks.',
'post_incident_analysis': {'corrective_actions': 'Additional security and '
'monitoring controls '
'deployed (Prosper); '
'enhanced security measures '
'and credit monitoring '
'services (700Credit)'},
'ransomware': {'data_exfiltration': 'Yes (700Credit)'},
'recommendations': 'Affected individuals should monitor their credit reports, '
'report suspicious activity, and utilize offered credit '
'monitoring services. Companies should strengthen security '
'controls and ensure compliance with regulatory '
'requirements.',
'references': [{'source': 'Prosper Marketplace Official Notice'},
{'source': '700Credit Notice'}],
'regulatory_compliance': {'regulations_violated': ['State-level breach '
'notification laws',
'Potential FTC '
'regulations'],
'regulatory_notifications': ['FTC notified '
'(700Credit)',
'State AG offices to '
'be notified '
'(700Credit)']},
'response': {'communication_strategy': 'Official notices issued, affected '
'individuals notified, regulatory '
'filings submitted',
'containment_measures': 'Unauthorized activity stopped, '
'additional security and monitoring '
'controls deployed (Prosper); '
'unauthorized access identified and '
'contained (700Credit)',
'enhanced_monitoring': 'Yes',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': ['Yes (Prosper)', 'Yes (700Credit)'],
'remediation_measures': 'Enhanced security measures, credit '
'monitoring and identity restoration '
'services offered (Prosper); credit '
'monitoring services offered (700Credit)',
'third_party_assistance': 'Leading cybersecurity firm (Prosper); '
'FBI and FTC notified (700Credit)'},
'stakeholder_advisories': 'Dealers advised to consult legal counsel for '
'state-level breach notification compliance '
'(700Credit).',
'title': 'Prosper Marketplace Cybersecurity Incident and 700Credit Data '
'Exposure',
'type': ['Data Breach', 'Unauthorized Access']}