CarMax
What was exposed
Email addressesNamesPhone numbersPhysical addresses
What to do if you were affected
- Expect more phishing and spam at this address. Treat messages that reference this company with extra caution.
- Watch for text-message phishing and SIM-swap attempts on your phone number.
- Be wary of targeted scams that use your personal details to sound convincing.
Details
In January 2026, data allegedly sourced from US automotive retailer CarMax was published online following a failed extortion attempt . The data included 431k unique email addresses along with names, phone numbers and physical addresses.
Frequently asked questions
What is the CarMax data breach?
In January 2026, data allegedly sourced from US automotive retailer CarMax was published online following a failed extortion attempt . The data included 431k unique email addresses along with names, phone numbers and physical addresses.
When did the data breach happen?
This data breach occurred around January 2026.
How many accounts were affected?
Around 431,371 accounts were affected.
What information was exposed?
Exposed data included Email addresses, Names, Phone numbers and Physical addresses.
What should I do if I was affected?
Expect more phishing and spam at this address. Treat messages that reference this company with extra caution. Watch for text-message phishing and SIM-swap attempts on your phone number. Be wary of targeted scams that use your personal details to sound convincing.
Related breaches