700Credit has verified reports that the company was the victim of an October cyberattack that resulted in the theft of customer records with nonpublic personal information. In a statement, executives say they have been working with the National Automobile Dealers Association to craft an action plan for retailers.

Automotive News, CBT News and other sources have reported that about 5.6 million customers of nearly 18,000 U.S. and Canadian dealerships were affected. DataBreach.io was the first to report that the records have been offered for sale on the dark web with an $8.4 million asking price.

“We have engaged cybersecurity experts who did not identify any impact on our internal network, and confirmed all activity is limited within the 700Dealer.com application layer,” 700Credit’s statement reads, in part. “We confirm there is no operational impact on our business, and we are able to continue providing services as scheduled.”

NADA’s guidance focuses on compliance with the Federal Trade Commission’s Safeguards Rule. Among other steps, the rule requires affected dealers to alert affected customers within 30 days of being notified of a data breach. 700Credit executives say dealer notifications have been mailed.

Read more at 700Credit