Ransomware victim disclosure
← All victimsCarMax
Claimed by Hunters International · listed 9 months ago
Status timeline
- ListedOct 3, 2025
- Data leakeddate unknown
At a glance
- Status
- Data leaked
- Country
- United States
- Sector
- Consumer Services
- Listed on leak site
- Oct 3, 2025
About the victim
AI dossier — public-source company profileCarMax is the largest used-car retailer in the United States, operating over 230 retail locations nationwide. The company is known for its no-haggle pricing model, vehicle inspections, warranties, and in-house financing options. CarMax is publicly traded (NYSE: KMX) and serves millions of customers annually across the US.
- Industry
- Used Vehicle Retail
- Address
- 12800 Tuckahoe Creek Pkwy, Richmond, VA 23238, United States
- Employees
- 25000+
- Founded
- 1993
Attack summary
Severity: high — CarMax is a large publicly traded retailer handling significant volumes of customer PII (names, addresses, financial/credit data from financing operations) and employee data. The 'data_published' status indicates confirmed exfiltration and publication, elevating severity even without a specific data inventory, given the scale of potential consumer and financial data exposure.Hunters International claims to have attacked CarMax and has published data, suggesting exfiltration of company data; the leak post does not specify whether encryption occurred, and no ransom amount or data size has been disclosed.
Data the group says was taken
AI dossier — extracted from the leak post- Unknown data types (no inventory specified in leak post)
Original description
AI-summarised, not from the leak postCarMax is a leading car dealership company in the United States that specializes in used cars. The company offers a unique car buying experience to its customers with its no-haggling and fair pricing model. In addition, CarMax also offers financing options and a wide range of car types, makes and models. They are renowned for their thorough inspections, warranties, and return policy.
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

