CarGurus Data Breach Impacts 12.5 Million Accounts

Automotive marketplace CarGurus experienced a data breach where millions of customers’ names, email addresses, phone numbers, and physical addresses were stolen. According to Have I Been Pwned, the data breach affected 12.5 million CarGurus accounts, with the ShinyHunters hacking group responsible. Founded in 2006, CarGurus is an online marketplace for buying, selling, and financing vehicles. ShinyHunters, known for social engineering tactics, has previously targeted several universities, Salesforce customers, and companies like Google, Workday, Pornhub, and Figure. TechCrunch has sought comments from CarGurus and will provide updates if the company responds. The stolen customer data includes user account ID mappings, finance pre-qualification information, and dealer account details, as reported by Have I Been Pwned. This is the second automotive-related data breach of the year, following an incident involving CarMax data last month, as reported by the data breach notification site.