CarGurus Data Breach

13/02/2026 · 12,461,887 records · moderate risk

0 /100

Gravity Score

Critical

Calculated based on the types of data exposed (5 categories) and the volume of affected records (12,461,887).

Data connected to the CarGurus platform was released publicly following an extortion attempt associated with the ShinyHunters group. The published files combine user contact details with platform related account information.

The breach contains over 12 million email addresses as well as names, phone numbers, physical addresses, and IP addresses. The dataset also references finance pre qualification information and outcomes of auto finance applications, plus dealer account and subscription details.

Exposed data

Email addresses IP addresses Names Phone numbers Physical addresses

What to do based on this breach

Be cautious with emails or calls about auto financing that claim you are pre approved or that a “pending decision” needs action

Request credit reports and enable credit alerts where available to spot attempts to open credit using your details

Block or filter messages that use your name and phone number to pressure you into paying “processing” or “application” fees

Review your CarGurus account to confirm what contact details are on file and what communications you have opted into

What can we learn from this breach?

When a breach combines contact details with lending or application outcomes, scams become more convincing because the outreach feels legitimate. Strong practices include separating sensitive data by purpose, tightly controlling internal and partner access, and having solid monitoring and incident response to reduce the chance of extortion leading to public release.

Was your data exposed?

Check now if your email appears in this breach. It's free, takes 30 seconds and requires no signup.

Check my email

Related breaches

Canada Goose

03/07/2025 581,877 records moderate risk

5 data types in common

Canadian Tire

01/10/2025 38,306,562 records high risk

4 data types in common

← All breaches