CarMax Data Breach

What Happened

In January 2026, data allegedly sourced from US automotive retailer CarMax was published online following a failed extortion attempt. The data included 431k unique email addresses along with names, phone numbers and physical addresses.

Compromised Data

Email addresses
Names
Phone numbers
Physical addresses

Recommended Actions

Sponsored
1Password

Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.

Try 1Password

Breach Overview

  • Affected Accounts:

    431.4 thousand

  • Breach Occurred:

    January 2026

  • Added to HIBP:

    20 Feb 2026

Recommended Actions

Change Your Password

If you haven’t already changed the password affected by this breach, do so immediately on every account where it was used.

Enable Two-Factor Authentication

Wherever 2FA is supported, add an extra layer of security to your account.

Sponsored
1Password

Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.

Try 1Password