CarGurus Hit by Cyber Attack: Is Dealer Data Safe and Platforms Still Running?

CarGurus Confirms Cybersecurity Incident While Assuring Platform Stability

The automotive marketplace giant CarGurus has confirmed it fell victim to a 'cybersecurity incident' but has moved swiftly to assure users that its platforms remain 'fully operational'. The company has launched a full investigation into the breach and is working with a leading independent cybersecurity firm to assess the impact.

Limited Scope and Contained Threat

Initial findings from the investigation suggest the attack was 'limited in scope' and has now been successfully contained. This news will come as a relief to the thousands of dealers and private sellers who rely on the platform daily. In an email to customers, CarGurus CEO Jason Trevision stated that the incident 'doesn’t appear to have involved a broad set of highly sensitive data'.

Dealer Systems Reportedly Uncompromised

Crucially for the UK's automotive trade, Trevision's message emphasised that the core systems used by dealer partners appear to be unaffected. He specifically noted that there are 'no indications that dealer data feeds, APIs, or core systems used by our dealer partners have been compromised'. This is a critical point, as any disruption to these feeds could severely impact vehicle listings, stock management, and sales operations for countless businesses.

The company has committed to reviewing relevant records carefully and has promised to notify any impacted parties directly if necessary. The message underlined that maintaining customer trust is the company's highest priority and that it is taking the incident 'extremely seriously'.

Ongoing Vigilance in the Automotive Sector

This incident serves as a stark reminder of the persistent cybersecurity threats facing the digital automotive sector. It follows other high-profile attacks, such as the one on JLR, which was labelled by experts as one of the 'most economically-damaging' cyber attacks in British history. For dealers and consumers alike, the security of platforms handling sensitive vehicle and customer data is paramount.

For now, CarGurus users can continue to use the service as normal while the internal investigation continues. The company's prompt response and transparent communication suggest a controlled handling of the situation, aiming to minimise disruption and maintain confidence among its dealer network and car-buying public.