CarGurus class action lawsuits overview:
- Who: CarGurus is facing two class action lawsuits filed by consumers.
- Why: The consumers claim CarGurus is responsible for a recent data breach that exposed the personally identifiable information of millions of consumers.
- Where: The CarGurus data breach class action lawsuits were filed in Massachusetts federal court.
CarGurus is facing two class action lawsuits filed by consumers who claim the company is responsible for a recent data breach that exposed the personally identifiable information of millions of consumers.
Plaintiffs David Ramirez and Nancy Infield both filed class action lawsuits against CarGurus on Feb. 26 in Massachusetts federal court, alleging violations of state and federal consumer privacy laws.
According to the CarGurus class action lawsuits, the data breach occurred in February 2026 when cybercriminals infiltrated CarGurus’ network servers and accessed highly sensitive personally identifiable information, including names, email addresses, phone numbers, physical addresses, IP addresses, pre-qualifying finance applications and auto finance application outcomes.
The plaintiffs allege CarGurus did not provide any response or notice regarding the data breach, but did not dispute the 12.5 million hacked account figure being reported in the media.
CarGurus allegedly failed to implement reasonable data security measures to protect the plaintiffs’ and class members’ personally identifiable information, leaving it vulnerable to cyberattacks, the CarGurus class action claims.
CarGurus data breach victims face increased risk of identity theft, fraud
As a result of the CarGurus data breach, the plaintiffs claim they and other class members now face a significantly increased risk of fraud, identity theft and other forms of criminal mischief.
The plaintiffs say they must devote substantially more time, money and energy to protect themselves from these crimes.
Ramirez and Infield both assert claims for negligence, breach of implied contract, unjust enrichment and declaratory judgment arising from the CarGurus data breach. Ramirez further asserts violations of the California Consumer Privacy Act (CCPA) under California law.
The plaintiffs seek damages and injunctive relief, including the adoption of reasonably sufficient practices to safeguard the personally identifiable information in CarGurus’ custody to prevent incidents like the data breach from recurring in the future, and for CarGurus to provide identity theft protection services to the plaintiffs and class members for their lifetimes.
Veriff OU and Verizon Value Inc., doing business as Total Wireless are also facing multiple class actions for allegedly failing to adequately protect customers’ personally identifiable information in a 2025 data breach.
What do you think of the allegations made in these CarGurus data breach class action lawsuits? Tell us in the comments.
The plaintiffs are represented by David Pastor of Pastor Law Office LLP, Gerald D. Wells III and Stephen E. Connolly of Lynch Carpenter LLP, Richard E. Levine of Stanzler Levine LLC and Jason S. Rathod and Nicholas A. Migliaccio of Migliaccio & Rathod LLP.
The CarGurus data breach class action lawsuits are Ramirez v. CarGurus Inc., Case No. 1:26-cv-11003, and Infield v. CarGurus Inc., Case No. 1:26-cv-10996, both in the U.S. District Court for the District of Massachusetts.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
