CARGURUS INC

Name: CARG Exclusion Analysis
Creator: Ethical Capital

CARG

Communication Services

exclusion reason

1 theme

Surveillance Capitalism (1)

CARG Communication Services Current as of April 2026

This page is part of our public exclusion list — a transparency tool that shows which companies we screen out and why. It is not investment advice, and it is not an accusation. But it is subject to change as our understanding of the facts evolves.

Data & Privacy

Since Mar 19, 2026

CarGurus operates an online automotive marketplace that suffered a major data breach in February 2026 when the ShinyHunters hacking group compromised 12.5 million user accounts. Attackers impersonated IT support staff and used social engineering to trick employees into providing Single Sign-On codes, bypassing multi-factor authentication to access internal systems. Exposed data included names, email addresses, phone numbers, physical addresses, IP addresses, and auto finance application outcomes. Multiple class-action lawsuits were filed in federal court alleging that CarGurus violated common law, contract law, and FTC Act obligations by failing to implement reasonable data security measures. The breach revealed systemic failures in employee security training and access controls at the company.

Sources:

techcrunch.com ↗ · news.bloomberglaw.com ↗ · topclassactions.com ↗

Related Issues

Surveillance Capitalism

Surveillance capitalism is extraction without consent — behavioral data harvested from people whose agreement was buried in terms they couldn't negotiate and can't revoke. We exclude companies whose revenue depends on this, and hold a high bar for any tech company where surveillance is a meaningful input. Until users can control, audit, and delete their data, this stays a core exclusion.

→

Research Sources 3 organizations

techcrunch.com ↗

External

news.bloomberglaw.com ↗

External

topclassactions.com ↗

External

Related Exclusions

Same Issue

Surveillance Capitalism

See all companies →

Wondering what we do invest in?

Our strategies → Our process →

The Naughty List

A digest of changes to our exclusion list — new additions, removals, and the evidence behind them. We review the list continuously as new evidence surfaces.

RSS feed No spam · Unsubscribe anytime

Companies appear on our exclusion list based on our investment judgment — not because they've done anything illegal. This is a difference of values and opinion, not an accusation of wrongdoing. Exclusion does not constitute a recommendation against investing in any company, and absence from the list does not constitute a recommendation to invest.

This information is provided for educational and transparency purposes only and should not be relied upon as investment advice. Data is drawn from independent watchdogs, NGOs, government registries, and Ethical Capital's ongoing research — see Research Sources for the full list.

Ethical Capital LLC is a state-registered investment adviser in Utah (CRD #316032). Registration does not imply a certain level of skill or training.