Zoomcar, a well-known car-sharing platform, recently reported that a cyberattack exposed the personal details of approximately 8.4 million users. The information that was accessed includes users’ names, phone numbers, and vehicle registration details.
The company, based in Bengaluru, India, disclosed this security incident in a filing with the U.S. Securities and Exchange Commission (SEC). According to the filing, Zoomcar discovered the issue on June 9 after some of its employees received direct messages from an unknown individual who claimed to have broken into the company’s systems and gained access to its data.
In response, Zoomcar quickly launched its incident response plan — a set of steps companies take to control damage and secure their systems after a cyberattack. The company explained that, so far, there is no sign that financial information, unencrypted passwords, or highly sensitive personal identifiers were stolen in this breach.
Zoomcar has since introduced additional security measures to strengthen its internal systems and cloud services. These steps include improved system monitoring and a careful review of user access controls to prevent future attacks. However, the company did not give detailed explanations of these new protections.
The company also confirmed that it is working with independent cybersecurity experts to investigate the incident further. Relevant law enforcement agencies and regulatory authorities have been notified and are now involved in the case.
At this point, Zoomcar has not provided any public updates on whether it has directly informed the affected users or if it has managed to identify the hacker responsible.
As of now, the company says this breach has not affected its day-to-day business operations.
Zoomcar, founded in 2013, is a platform that allows users to rent cars by the hour, day, week, or month. It currently operates in 99 cities with a fleet of over 25,000 cars and has built a user base of more than 10 million people. Apart from India, the company also runs services in Egypt, Indonesia, and Vietnam.
Earlier this year, Zoomcar reported that it had seen a 19% increase in car rentals compared to the previous year, totaling over 103,000 bookings. The company also noted a significant improvement in its contribution profit, which rose by over 500% to $1.28 million. However, despite these gains, the company’s net loss still stood at $7.9 million.
Cyberattacks like this highlight the importance of strong cybersecurity practices and continuous monitoring, especially for companies that handle large amounts of personal user information. It also raises questions about how quickly companies notify customers after discovering such breaches.
For now, Zoomcar says it is taking the situation seriously and is fully cooperating with all ongoing investigations.
