Zoomcar Holdings, a peer-to-peer car-sharing firm that connects automobile house owners with renters, has revealed that its info programs have been accessed with out permission, affecting roughly 8.4 million customers.
The Bengaluru-based agency found this cybersecurity incident on June 9, 2025, after a few of its workers obtained messages from a hacker claiming to own firm knowledge. Based on Zoomcar’s official disclosure to the US Securities Trade Fee (SEC), the unauthorized occasion gained entry to a selected assortment of non-public particulars.
This included customers’ names, telephone numbers, automobile registration numbers, house addresses, and electronic mail addresses. Importantly, the corporate has acknowledged that present proof suggests monetary info, precise passwords, or different extremely delicate identification numbers weren’t compromised on this occasion.
Based in 2013, Zoomcar has develop into a big participant within the car-sharing market, with over 10 million customers and a fleet of greater than 25,000 vehicles. Its operations span 99 cities throughout a number of international locations, together with India, Egypt, Indonesia, and Vietnam.
Firm’s Response and Unanswered Questions
Following the invention, Zoomcar instantly activated its plan for coping with such incidents. Measures taken embrace including additional security measures to its cloud and inner networks, rising monitoring of its programs, and re-evaluating who has entry permissions.
The corporate has additionally introduced in exterior cybersecurity consultants to assist with their investigation. Furthermore, related authorities and legislation enforcement our bodies have been knowledgeable, and Zoomcar is working carefully with them.
Regardless of the intense nature of the breach, the corporate acknowledged, “Up to now, the incident has not resulted in any materials disruption to the Firm’s operations.” Nevertheless, Zoomcar continues to evaluate the total extent of the occasion, together with attainable authorized, money-related, and status impacts, in addition to the prices to repair the problems. It stays unsure if affected prospects have been immediately instructed concerning the incident or if the identification of the hacker is thought.
A Historical past of Safety Challenges
This isn’t the primary time Zoomcar has confronted such safety points. In July 2018, the corporate skilled one other main knowledge breach that uncovered the small print of three.6 million prospects. That earlier incident concerned the theft of names, web addresses (IP addresses), passwords, and telephone numbers. The knowledge from that 2018 breach was later discovered on the market on a darkish net market in 2020.
This current occasion happens amidst a interval the place different massive automobile rental corporations, corresponding to Hertz and Avis , have additionally reported cyberattacks throughout the final 12 months, highlighting ongoing safety challenges throughout the rental automobile sector.
“Though this was a big breach, the data compromised doesn’t pose a direct menace to victims’ on-line accounts or funds,” defined Paul Bischoff, Shopper Privateness Advocate at Comparitech.
“Victims needs to be looking out for focused phishing messages and scams through textual content and electronic mail. These messages would possibly faux to be from Zoomcar or a associated firm. By no means click on on hyperlinks or attachments in unsolicited emails and texts,” he warned.
