Automotive marketplace CarGurus is investigating a cybersecurity incident after the hacking group ShinyHunters claimed responsibility for a data breach. The incident affects more than 12 million user accounts.
Hackers reportedly executed the breach through a vishing attack by impersonating IT staff to obtain employee credentials. Compromised information includes names, physical addresses, email addresses, and phone numbers. The breach also exposed auto finance pre-qualification data.
CarGurus confirmed it has contained the incident and launched an investigation alongside an independent cybersecurity firm. The company stated that dealer data feeds and core partner systems were not compromised. All CarGurus services remain operational.