CrossCheck reports data breach

CrossCheck, Inc., a payment processing company, is reporting a data breach that potentially exposed confidential information belonging to AutoNation customers. CrossCheck, Inc., founded in 1983 and headquartered in Petaluma, California, is a payment processing company that provides check verification, guarantee, electronic processing, and payment services to merchants nationwide.

The security incident was first detected on May 30, 2024, when the company observed unusual activity within its merchant portal system.

The investigation revealed that an unauthorized actor gained access to CrossCheck's merchant portal during a three-day period between May 18, 2024, and May 20, 2024. During this time, the unauthorized party accessed confidential information belonging to certain consumers who were customers of AutoNation.

CrossCheck collaborated with AutoNation to obtain contact addresses for all affected individuals. The nature of the attack, types of exposed data and the number of affected individuals is not disclosed.

On March 4, 2025, approximately six months after completing its investigation, CrossCheck began sending data breach notification letters to all individuals whose information was compromised in the incident.