Zoomcar, the Bengaluru-based car-sharing platform, has reported a major data breach affecting approximately 84 lakh (8.4 million) users. The breach, which occurred on June 9, exposed personal details such as names, phone numbers, and car registration numbers. The company confirmed the incident in a regulatory filing with the U.S. Securities and Exchange Commission (SEC).
Zoomcar became aware of the breach after employees received messages from a threat actor claiming responsibility. Although no sensitive financial data or passwords appear to have been compromised, the leaked personal information could still pose security risks for users.
The company immediately activated its incident response plan, taking steps to contain the breach, enhance security across its cloud and internal systems, and increase monitoring. It has also engaged third-party cybersecurity experts to support the investigation and informed regulatory and law enforcement bodies.
Zoomcar emphasized that its operations remain unaffected, but it continues to evaluate the potential legal, financial, and reputational impact. The company went public in 2023 following a SPAC merger and is now bound by SEC reporting rules.
Operating in 99 cities, Zoomcar manages over 25,000 cars and serves more than 10 million users across India, Egypt, Indonesia, and Vietnam.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
