Two recent cybersecurity incidents involving financial services providers have exposed the personal information of millions of individuals, highlighting ongoing risks across the fintech and credit reporting ecosystem. The larger of the two incidents involves Prosper Marketplace cybersecurity incident, confirmed last week by the San Francisco-based fintech company. Prosper disclosed that 13.1 million people were affected after unauthorized activity was discovered on its systems on September 1, 2025. A subsequent investigation revealed that attackers accessed data between June and August 2025.

Prosper Marketplace Cybersecurity Incident Details

In its official notice, Prosper stated, "On September 1, 2025, Prosper discovered unauthorized activity on our systems. We acted quickly to stop the activity and enhance our security measures, and we began working with a leading cybersecurity firm to investigate what happened." While Prosper emphasized that there was no evidence of unauthorized access to customer accounts or funds, attackers were able to obtain a wide range of sensitive personal and financial data. The exposed information includes names, Social Security numbers, national ID numbers, dates of birth, bank account numbers, Prosper account numbers, financial application details, driver’s license numbers, passports, tax information, and payment card numbers. Regulatory filings show the scale of the exposure across states, with more than 1.1 million affected individuals in Texas, 236,000 in South Carolina, and 249,000 in Washington state. Prosper said it has begun notifying affected individuals and is offering two years of credit monitoring and identity restoration services through Experian. The company also confirmed that law enforcement was notified about cybersecurity incidents, and additional security and monitoring controls have been deployed. Founded in 2005, Prosper is best known for its peer-to-peer lending platform, through which more than 2 million customers have borrowed over $28 billion in personal loans. The company also offers home equity loans, lines of credit, and credit card products.

700Credit Security Incident Impacts Over 5.8 Million People

In a separate cybersecurity incident, Michigan-based 700Credit data exposure affected 5,836,521 individuals, according to a notice issued on Friday. The incident was discovered on October 25, 2025, when the company’s IT team identified unauthorized access to its systems. 700Credit provides credit reports, compliance solutions, identity verification, and fraud detection services to car dealerships across the U.S. The company said attackers made copies of data stored within its systems. The compromised information includes names, Social Security numbers, dates of birth, and physical addresses. Following the incident, 700Credit confirmed it will file a consolidated breach notice with the FTC on behalf of its affected dealership clients, after receiving approval from the agency. “We timely notified the FBI and the FTC and confirmed with the FTC that 700Credit’s filing on behalf of all dealers is sufficient to meet dealer obligations to notify the FTC.  In addition, we will be notifying State AG offices on behalf of dealers.  Impacted consumers will also be notified and offered credit monitoring services and assistance they may need. 700Credit has also been working directly with NADA,” the company said in a notice. As a result, dealers are not required to file separate FTC breach notifications related to this incident. However, dealers are still responsible for complying with state-level breach notification requirements, which remain unaffected by the FTC’s decision. Dealers have been advised to consult legal counsel to ensure compliance with applicable state laws.

Financial Services Sector Faces Rising Cybersecurity Incidents

The Prosper and 700Credit incidents come just weeks after a cyberattack on SitusAMC, a company used by major banks for real estate loan and mortgage services. That incident, discovered on November 12, 2025, involved stolen accounting records and legal agreements. Together, these cybersecurity incidents emphasise a growing trend: financial services providers and fintech companies are increasingly targeted for the volume and sensitivity of data they hold. While no threat actor has publicly claimed responsibility for either the Prosper Marketplace or 700Credit incidents, the scale of exposure raises concerns about identity theft, financial fraud, and long-term consumer risk. Both companies have urged affected individuals to remain vigilant, monitor their credit reports, and report any suspicious activity.