CarGurus
HighIn 2026, CarGurus suffered a breach impacting over 12M records, including personal and financial data, following an extortion attempt.
- Records exposed
- 12,461,887 records
- Breach date
- Breach Feb 14, 2026
- Last update
- Updated Feb 22, 2026
What data was exposed?
Fields reported as compromised in this breach record.
Why does this breach matter?
In-depth analysis of the breach and its implications.
In February 2026, the automotive marketplace CarGurus experienced a significant data breach. This incident involved the publication of more than 12 million customer and dealer records after an unsuccessful extortion attempt by the threat actor ShinyHunters. The compromised data included email addresses, names, phone numbers, physical addresses, IP addresses, user account mappings, financial pre-qualification application data, and dealership account information.
Impact Analysis
Understanding the scope and consequences of this breach.
- User Impact
- Users experienced exposure of sensitive personal and financial data, increasing the risk of fraud and identity theft.
- Business Impact
- CarGurus faced reputational damage, potential regulatory action, and financial scrutiny associated with managing the breach.
- Affected Sectors
- Automotive Sales and Service
- Geographic Impact
- Global
What You Should Do
Recommended actions to take in response to this breach.
If You Were Affected
- •Reset account credentials for CarGurus and associated services.
- •Monitor financial and personal records for any suspicious activities.
- •Engage with CarGurus customer support for breach-specific guidance.
Preventive Measures
- •Use strong, unique passwords for online accounts.
- •Enable two-factor authentication where available.
- •Regularly review account activity for unauthorized access.
Frequently Asked Questions
Common questions about this breach and what it means for you.