10:43 am, February 23, 2026
CarGurus says its platforms remain ‘fully operational’ after the firm fell victim to a ‘cybersecurity incident’.
The listings giant has launched an investigation and is working with a leading independent cybersecurity firm after hackers targeted its systems.
While inquiries remain ongoing, bosses say the early signs are that the attack was ‘limited in scope’ and has now been contained.
In an email to customers, seen by Car Dealer, CEO Jason Trevision, said that the incident ‘doesn’t appear to have involved a broad set of highly sensitive data’.
He added that dealer data feeds, APIs, and core systems used by dealer partners all appear uncompromised.
The leaked message says: ‘We recently experienced a cybersecurity incident; we secured the affected environment and launched an investigation with the assistance of a leading independent cybersecurity firm.
‘Based on our investigation to date, the activity has been contained and limited in scope. At this time, it doesn’t appear that the incident involved a broad set of highly sensitive data; however, our investigation remains ongoing.
‘We remain fully operational, and our services continue without interruption.
‘Also at this time, there are no indications that dealer data feeds, APIs, or core systems used by our dealer partners have been compromised. We are reviewing the relevant records carefully and will notify any impacted parties directly, as needed.
‘We have no higher priority than maintaining the trust of our customers and are taking this incident extremely seriously.’
Car Dealer has approached CarGurus for comment.
