Zoomcar Holdings (Zoomcar) has disclosed that unauthorized accessed its system led to an information breach impacting 8.4 million customers.
The incident was detected on June 9, after a menace actor emailed firm staff alerting them of a cyberattack.
Though there was no materials disruption to companies, the corporate’s inner investigation confirmed that delicate information belonging to a subset of its prospects has been compromised.
Zoomcar is an Indian peer-to-peer car-sharing market that connects automobile house owners with renters throughout rising markets in Asia, providing quick and medium-term automobile leases.
The corporate grew to become a U.S.‑listed, Delaware‑registered public firm in late 2023, following a merger with an American blank-check agency IOAC, and its shares at the moment are traded in Nasdaq (ZCAR).
Adhering to U.S. monetary reporting requirements, the corporate is required report the incident to the U.S. Securities and Trade Fee (SEC).
“On June 9, 2025, Zoomcar Holdings, Inc. recognized a cybersecurity incident involving unauthorized entry to its info methods,” the corporate informs.
“The Firm grew to become conscious of the incident after sure staff obtained exterior communications from a menace actor alleging unauthorized entry to Firm information.”
The outcomes of its preliminary investigation present that the next information for 8.4 million prospects has been uncovered to an unauthorized social gathering:
- Full identify
- Cellphone quantity
- Automotive registration quantity
- Dwelling handle
- E-mail handle
Zoomcar says that there is no such thing as a proof of exposing customers’ monetary info, plaintext passwords, or every other delicate information that might result in the identification of people.
The corporate underlined that it’s nonetheless evaluating of the precise scope and potential influence of the safety incident.
Presently, the kind of the assault hasn’t been decided and no ransomware group has assumed accountability for the assault at Zoomcar.
BleepingComputer has requested Zoomcar in regards to the nature of the incident however we obtained no response.
In 2018, Zoomcar suffered one other main information breach that uncovered information of greater than 3.5 million prospects, together with names, electronic mail and IP addresses, cellphone numbers, and passwords saved as bcrypt hashes.
That information was finally supplied on the market on an undeground market in 2020, exposing Zoomcar prospects to elevated dangers.
Patching used to imply advanced scripts, lengthy hours, and infinite fireplace drills. Not anymore.
On this new information, Tines breaks down how trendy IT orgs are leveling up with automation. Patch quicker, cut back overhead, and give attention to strategic work — no advanced scripts required.
