TSLA406.55012.49%
GM76.6500.41%
F13.6100.11%
RIVN18.1201.46%
CYD47.070-0.01%
HMC27.590-0.14%
TM174.320-2.83%
CVNA67.1200.76%
PAG191.4908.97%
LAD311.9809.07%
AN192.3104.66%
GPI302.9608.31999%
ABG211.7306.98%
SAH95.3107.3%
TSLA406.55012.49%
GM76.6500.41%
F13.6100.11%
RIVN18.1201.46%
CYD47.070-0.01%
HMC27.590-0.14%
TM174.320-2.83%
CVNA67.1200.76%
PAG191.4908.97%
LAD311.9809.07%
AN192.3104.66%
GPI302.9608.31999%
ABG211.7306.98%
SAH95.3107.3%
TSLA406.55012.49%
GM76.6500.41%
F13.6100.11%
RIVN18.1201.46%
CYD47.070-0.01%
HMC27.590-0.14%
TM174.320-2.83%
CVNA67.1200.76%
PAG191.4908.97%
LAD311.9809.07%
AN192.3104.66%
GPI302.9608.31999%
ABG211.7306.98%
SAH95.3107.3%

CarGurus allegedly hit in data breach, claiming 1.7 million records stolen

A cybercrime group claims it stole 1.7 million corporate records from CarGurus and threatened to leak the data unless contacted by Feb. 20, 2026.

CarGurus data breach

On the Dash:

  • Third-party marketplace breaches can expose corporate and potentially sensitive operational data.
  • Voice phishing targeting SSO systems remains an active threat vector for automotive-related platforms.
  • Dealers should reassess vendor cybersecurity protocols and employee authentication safeguards.

CarGurus purportedly suffered a data breach involving 1.7 million corporate records, according to ShinyHunters, a cybercrime crew that posted the online vehicle marketplace to its leak site on Wednesday.

“This is a final warning to reach out by 20 Feb 2026 before we leak along with several annoying (digital) problems that’ll come your way,” ShinyHunters wrote in its announcement shared on social media. The group claimed the compromised files included personally identifiable information and “other internal corporate data.”

According to ShinyHunters, the breach occurred on Feb. 13 and was part of a broader code-stealing spree. The group said it used voice phishing to obtain single-sign-on codes from users of Okta, Microsoft, and Google services.

Sign up for CBT News’ daily newsletter and get the latest industry stories delivered straight to your inbox

The Wednesday post marked one of 15 breaches claimed this year by ShinyHunters and Scattered Lapsus$ Hunters. The group also listed investment advisory firms Mercer Advisors and Beacon Pointe Advisors on Sunday, setting a Wednesday deadline to negotiate and threatening to leak 5 million records from Mercer and 100,000 from Beacon Pointe. Neither firm has posted a breach notification or responded to requests for comment.

Blockchain lending firm Figure Technology Solutions was also listed on the leak site last week. Have I Been Pwned reported that nearly 1 million customer records were stolen. A Figure spokesperson said “an employee was socially engineered,” allowing an actor to download a limited number of files. The company said it blocked the activity, retained a forensic firm, is adding safeguards and training, and is offering free credit monitoring to affected individuals.

Other recent victims cited by the group include Betterment, Match Group, Panera Bread, and car-buying and review sites CarMax and Edmunds.

More from Industry News
Senate panel to vote on bill blocking Chinese automakers from U.S. market

Senate panel to vote on bill blocking Chinese automakers from U.S. market

- July 9, 2026
On the Dash: The proposed legislation would reinforce barriers preventing Chinese automakers from entering the U.S. retail market. Dealers should continue to monitor federal policy as national security becomes a...
FTC settlement expands right-to-repair access for John Deere

FTC settlement expands right-to-repair access for John Deere

- July 9, 2026
On the Dash: The settlement could become a blueprint for future right-to-repair enforcement in other industries, including automotive. Manufacturers may face increasing pressure to provide independent repair shops with broader...
Polestar cuts prices by up to $25,000 ahead of U.S. sales ban

Polestar cuts prices by up to $25,000 ahead of U.S. sales ban

- July 8, 2026
On the Dash: Polestar is discounting the Polestar 3 and 4 by up to $25,000 before its 2027 exit. Commerce Department banned Polestar, owned by Geely, over Chinese software issues. ...
Toyota invests $3.6B to expand Texas plant, shifts Tacoma production from Mexico

Toyota invests $3.6B to expand Texas plant, shifts Tacoma production from Mexico

- July 7, 2026
On the Dash: Toyota's expanded U.S. truck production could improve future Tacoma inventory levels for dealers. The investment reinforces Toyota's long-term commitment to North American manufacturing despite ongoing trade uncertainty. ...
CBT News
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.