Zoomcar Holdings (Zoomcar) has disclosed that unauthorized accessed its system led to a data breach impacting 8.4 million customers.
The incident was detected on June 9, after a menace actor emailed firm workers alerting them of a cyberattack.
Though there was no materials disruption to companies, the corporate’s inside investigation confirmed that delicate knowledge belonging to a subset of its clients has been compromised.
Zoomcar is an Indian peer-to-peer car-sharing market that connects automotive homeowners with renters throughout rising markets in Asia, providing brief and medium-term automobile leases.
The corporate turned a U.S.‑listed, Delaware‑registered public firm in late 2023, following a merger with an American blank-check agency IOAC, and its shares are actually traded in Nasdaq (ZCAR).
Adhering to U.S. monetary reporting requirements, the corporate is required report the incident to the U.S. Securities and Change Fee (SEC).
“On June 9, 2025, Zoomcar Holdings, Inc. recognized a cybersecurity incident involving unauthorized entry to its data techniques,” the corporate informs.
“The Firm turned conscious of the incident after sure workers acquired exterior communications from a menace actor alleging unauthorized entry to Firm knowledge.”
The outcomes of its preliminary investigation present that the next knowledge for 8.4 million clients has been uncovered to an unauthorized social gathering:
- Full title
- Cellphone quantity
- Automobile registration quantity
- Dwelling handle
- E mail handle
Zoomcar says that there isn’t a proof of exposing customers’ monetary data, plaintext passwords, or every other delicate knowledge that might result in the identification of people.
The corporate underlined that it’s nonetheless evaluating of the precise scope and potential affect of the security incident.
At the moment, the kind of the assault hasn’t been decided and no ransomware group has assumed accountability for the assault at Zoomcar.
BleepingComputer has requested Zoomcar concerning the nature of the incident however we acquired no response.
In 2018, Zoomcar suffered one other main data breach that uncovered data of greater than 3.5 million clients, together with names, e-mail and IP addresses, telephone numbers, and passwords saved as bcrypt hashes.
That knowledge was ultimately provided on the market on an undeground market in 2020, exposing Zoomcar clients to elevated dangers.
Patching used to imply complicated scripts, lengthy hours, and countless fireplace drills. Not anymore.
On this new information, Tines breaks down how fashionable IT orgs are leveling up with automation. Patch quicker, cut back overhead, and concentrate on strategic work — no complicated scripts required.
