A recent Automotive News article detailed a cybersecurity incident involving CarGurus in which a hacking group exposed more than 1.7 million corporate records. The group also exposed over 400,000 customer email addresses, phone numbers and physical addresses in a separate CarMax-related incident.

According to the reporting, the stolen CarGurus data may include dealership account information and customer auto finance applications. While CarGurus stated that its investigation has not shown that core systems, APIs, or dealer data feeds were compromised, cybersecurity experts warn that the risk to dealerships is real.

ShinyHunters — the extortion group claiming responsibility — is known for using voice phishing (“vishing”) to trick victims into handing over credentials.

As Erik Nachbahr, President of Helion Technologies, told Automotive News:

“I haven’t heard of it being successfully used against dealers or their related vendors until now. With the rapid growth in AI-driven attack tools, I believe this is just a preview of more ingenious attacks to come.”

Nachbahr also warned:

“As we’ve been warning, dealerships and their vendor ecosystem are firmly in the crosshairs of cybercriminals. I expect we’ll continue to see successful attacks for years to come. The sophistication and persistence of today’s threat actors should not be underestimated.”

And perhaps most directly:

“The continued failure by parts of the industry to take that seriously is, frankly, baffling.”

Step 1: Understand Your Attack Surface

Incidents like this reinforce a critical first step for dealership leaders: understand your attack surface.

Your attack surface includes every vendor, marketplace, CRM, finance tool, integration, and system that touches dealership or customer data. Even if your internal systems weren’t breached, exposure at a third party can quickly become your problem.

Before reacting to the next headline, dealerships should take a proactive approach — mapping where data lives, how it flows, and which vendors create additional exposure.

Helion offers a complimentary cybersecurity risk assessment designed specifically for auto and truck dealers to help identify your attack surface and prioritize practical steps to reduce risk.

Because, as this latest incident shows, dealerships are very much in the crosshairs.