The India-based car-sharing marketplace Zoomcar has confirmed a massive data breach involving the personal information of at least 8.4 million customers. The compromised data includes sensitive user details such as full names, phone numbers, and vehicle registration numbers.
Security Incident Details and Discovery
According to a formal filing with the U.S. Securities and Exchange Commission, the Bengaluru-headquartered company identified unauthorized access to its information systems on June 9. The breach came to light after employees received communications from a threat actor claiming to possess the company’s internal data.
“Upon discovery, the company promptly activated its incident response plan,” Zoomcar noted in its official filing.
Extent of the Data Exposure
While the scale of the breach is significant, Zoomcar maintains that there is currently no evidence suggesting that financial records, plaintext passwords, or other highly sensitive identifiers were accessed by the intruder. Despite this, the company has yet to clarify whether it has directly notified the 8.4 million affected users or if it has identified the threat actor responsible for the attack.
Mitigation and Regulatory Response
In response to the unauthorized access, Zoomcar claims to have implemented additional security safeguards across its cloud infrastructure and internal networks. These measures include enhanced system monitoring and a comprehensive review of existing access controls.
The company is currently collaborating with third-party cybersecurity experts and has alerted relevant regulatory and law enforcement authorities. While the investigation remains ongoing, Zoomcar stated that the incident has not caused material disruption to its daily operations.
About Zoomcar
Founded in 2013, Zoomcar provides short-term and long-term vehicle rentals across 99 cities. With a fleet exceeding 25,000 vehicles, the company serves over 10 million users globally, maintaining a presence in India, Egypt, Indonesia, and Vietnam. Financial reports from February indicated a 19% year-on-year increase in bookings, despite a net loss of $7.9 million for the period.