CarGurus A.I CyberSecurity Scoring
CarGurus
Company Information
Website:http://www.cargurus.com
Employees number:1,343
Number of followers:48,320
NAICS:513
Industry Type:Technology, Information and Internet
Homepage:cargurus.com
CarGurus Risk Score (AI oriented)
Between 650 and 699
CarGurusTechnology, Information and Internet
Updated:
01/04/2026
01/04/2026
677/1000
Weak
B
CarGurus Global Score (TPRM)
xxxx
CarGurusTechnology, Information and Internet
Score locked

CarGurusWeak
Current Score
677B (WEAK)
01000
1 incidents
-99 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
693
JUNE 2026
689
MAY 2026
679
APRIL 2026
678
MARCH 2026
677
FEBRUARY 2026
774
Breach
21 Feb 2026 • CarGurus
CarGurus and Match Group: CarGurus data breach exposes information of 12.4 million accounts
ShinyHunters Leaks 12.4 Million CarGurus Records in Massive Data Breach
675
CRITICAL-99
MATCAR1771957470
ShinyHunters Leaks 12.4 Million CarGurus Records in Massive Data Breach
The ShinyHunters extortion group has released over 12 million records allegedly stolen from CarGurus, a U.S.-based digital automotive marketplace serving millions across the U.S., Canada, and the U.K. The breach, disclosed on February 21, involved a 6.1GB archive containing sensitive user data, including:
- Email and IP addresses
- Full names and phone numbers
- Physical addresses
- User account IDs
- Finance pre-qualification and application details
- Dealer account information
- Subscription data
HaveIBeenPwned (HIBP) verified and added the dataset to its database, confirming that 3.7 million records were new, while the remaining 70% overlapped with prior breaches. Though CarGurus has not officially acknowledged the incident, the leaked data is now publicly accessible, raising concerns about phishing and fraud risks for affected users.
ShinyHunters, known for aggressive extortion tactics, has recently targeted multiple high-profile companies, including Odido, Optimizely, Figure, Canada Goose, Panera Bread, Match Group, and SoundCloud. The group typically gains access through social engineering, such as voice phishing, tricking employees into exposing credentials or installing malicious OAuth apps that grant API-level access to platforms like Salesforce, Okta, and Microsoft 365.
This breach underscores the growing threat of data extortion groups exploiting corporate systems to harvest and leak sensitive customer information.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JANUARY 2026
774
DECEMBER 2025
774
NOVEMBER 2025
774
OCTOBER 2025
774
SEPTEMBER 2025
774
AUGUST 2025
774
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for CarGurus ??
What was CarGurus's A.I Rankiteo Cyber Score in June 2026 ??
What was CarGurus's A.I Rankiteo Cyber Score in May 2026 ??
What was CarGurus's A.I Rankiteo Cyber Score in April 2026 ??
What was CarGurus's A.I Rankiteo Cyber Score in March 2026 ??
What was CarGurus's A.I Rankiteo Cyber Score in February 2026 ??
What was CarGurus's A.I Rankiteo Cyber Score in January 2026 ??
What was CarGurus's A.I Rankiteo Cyber Score in December 2025 ??
What was CarGurus's A.I Rankiteo Cyber Score in November 2025 ??
What was CarGurus's A.I Rankiteo Cyber Score in October 2025 ??
What was CarGurus's A.I Rankiteo Cyber Score in September 2025 ??
What was CarGurus's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on CarGurus's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with CarGurus ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view CarGurus's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?