CarGurus, Inc. (“CarGurus”) is a Boston, Massachusetts-based company operating a digital platform for car buying/selling. It may have experienced a data breach, potentially exposing customers’ sensitive information.
On February 21, 2026, a hacking and extortion group called ShinyHunters posted a 6.1GB archive of what they claim is stolen CarGurus data. [1] Possibly compromised information includes names, phone numbers, physical and IP addresses, auto finance application outcomes, email addresses, finance pre-qualification application data and dealer account and subscription information. [2] The application information may have included social security numbers.
CarGurus has yet to release an official statement about the alleged data breach. However, a February 24, 2026 TechCrunch article claims CarGurus confirmed they experienced a now-contained cybersecurity incident. [3]
If you believe you were impacted by the alleged CarGurus data breach and would like additional information about your legal rights, you can contact Goldenberg Schneider, LPA by calling 513-982-1569, sending an email to [email protected] or completing the “Contact Us” form to the right.
[1] Toulas, Bill. 2026. “CarGurus Data Breach Exposes Information of 12.4 Million Accounts.” BleepingComputer. February 24, 2026. https://www.bleepingcomputer.com/news/security/cargurus-data-breach-exposes-information-of-124-million-accounts/.
2 Ibid.
3 Korosec, Kirsten. 2026. “CarGurus Data Breach Affects 12.5 Million Accounts.” TechCrunch. February 24, 2026. https://techcrunch.com/2026/02/24/cargurus-data-breach-affects-12-5-million-accounts/.

