Zoomcar Holdings (Zoomcar) has disclosed that unauthorized accessed its system led to an information breach impacting 8.4 million customers.
The incident was detected on June 9, after a menace actor emailed firm staff alerting them of a cyberattack.
Though there was no materials disruption to providers, the corporate’s inner investigation confirmed that delicate knowledge belonging to a subset of its prospects has been compromised.
Zoomcar is an Indian peer-to-peer car-sharing market that connects automobile house owners with renters throughout rising markets in Asia, providing quick and medium-term automobile leases.
The corporate grew to become a U.S.‑listed, Delaware‑registered public firm in late 2023, following a merger with an American blank-check agency IOAC, and its shares at the moment are traded in Nasdaq (ZCAR).
Adhering to U.S. monetary reporting requirements, the corporate is required report the incident to the U.S. Securities and Change Fee (SEC).
“On June 9, 2025, Zoomcar Holdings, Inc. recognized a cybersecurity incident involving unauthorized entry to its info programs,” the corporate informs.
“The Firm grew to become conscious of the incident after sure staff acquired exterior communications from a menace actor alleging unauthorized entry to Firm knowledge.”
The outcomes of its preliminary investigation present that the next knowledge for 8.4 million prospects has been uncovered to an unauthorized get together:
- Full title
- Cellphone quantity
- Automotive registration quantity
- House handle
- E mail handle
Zoomcar says that there isn’t any proof of exposing customers’ monetary info, plaintext passwords, or some other delicate knowledge that might result in the identification of people.
The corporate underlined that it’s nonetheless evaluating of the precise scope and potential influence of the safety incident.
At the moment, the kind of the assault hasn’t been decided and no ransomware group has assumed duty for the assault at Zoomcar.
BleepingComputer has requested Zoomcar concerning the nature of the incident however we acquired no response.
In 2018, Zoomcar suffered one other main knowledge breach that uncovered information of greater than 3.5 million prospects, together with names, e mail and IP addresses, telephone numbers, and passwords saved as bcrypt hashes.
That knowledge was ultimately provided on the market on an undeground market in 2020, exposing Zoomcar prospects to elevated dangers.
Patching used to imply advanced scripts, lengthy hours, and limitless hearth drills. Not anymore.
On this new information, Tines breaks down how trendy IT orgs are leveling up with automation. Patch quicker, cut back overhead, and deal with strategic work — no advanced scripts required.
