CarGurus data breach (2026)

In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files including user account ID mappings,…

Imported from Have I Been Pwned — pending editorial review and translation to French. The summary below is machine-extracted; consult the source for details.

In 2026-02-14, CarGurus was affected by a data breach. Approximately 12,461,887 accounts were exposed. In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files including user account ID mappings,…

Related incidents

Data breachOngoingJune 2, 2026

DentaQuest ShinyHunters data breach exposes 2.6 million accounts (2026)

Dental benefits administrator DentaQuest confirmed a network breach after the extortion group ShinyHunters leaked roughly 234 GB of stolen data, exposing personal, identity, and health-insurance information tied to about 2.6 million accounts.

Victim: DentaQuest
Records: 2.6M

Data breachUnknownMay 21, 2026

23,685 records: claimed leak at ATOA

A threat actor put a database from ATOA — a French real-estate tokenization and fractional-investment fintech — up for sale on a dark web forum, exposing roughly 23,685 user and financial records plus 326 full KYC archives containing passports, ID cards and banking details.

Victim: ATOA
Records: 23.7K

Data breachContainedMay 12, 2026

CARMF: 2.4 million doctor records leaked after a cyberattack

In May 2026, an actor using the alias lazasec claimed to have breached CARMF, France's pension and benefits fund for self-employed doctors, leaking a database of up to 2.4 million records with names, contributor codes, postal addresses and last-declaration dates; CARMF said the exposed data was public and non-sensitive.

Victim: CARMF

Data breachContainedMay 6, 2026

Cetelem: customer email addresses exposed after a cyberattack

Cetelem, the consumer-credit brand of BNP Paribas Personal Finance, confirmed a cyberattack on 20 April 2026 that exposed the email addresses of several hundred thousand customers; the company says no passwords, banking or payment data were compromised.

Victim: Cetelem

Sources

Related incidents

DentaQuest ShinyHunters data breach exposes 2.6 million accounts (2026)

23,685 records: claimed leak at ATOA

CARMF: 2.4 million doctor records leaked after a cyberattack

Cetelem: customer email addresses exposed after a cyberattack