Car-sharing platform Zoomcar has disclosed a significant cybersecurity breach, affecting at least 8.4 million customers. The company confirmed that a hacker recently gained unauthorized access to personal user information, including customer names, phone numbers, and vehicle registration details.
According to an official filing submitted to the U.S. Securities and Exchange Commission, Zoomcar first detected the security incident on June 9 after several employees received communications from an unidentified attacker claiming infiltration of the company’s systems. In response, Zoomcar said it immediately activated its incident response protocols, strengthened security measures across both internal networks and cloud infrastructures, and increased monitoring and access management controls.
The company emphasized there is currently no indication that sensitive financial data, plaintext passwords, or other highly confidential identifiers were compromised in the intrusion. It has engaged third-party cybersecurity experts to conduct a thorough investigation and reported the incident to relevant regulatory bodies and law enforcement agencies, cooperating fully with their ongoing inquiries.
While Zoomcar detailed its reactive security efforts, no public clarification has been given regarding whether affected customers have been directly informed about the breach or whether the company has identified the attacker.
Established in 2013, Zoomcar is headquartered in Bengaluru, India, and offers car rentals on hourly, daily, weekly, and monthly bases. Operating a fleet exceeding 25,000 vehicles, the startup now services customers across 99 cities in India. Zoomcar also has expanded its presence internationally, entering the markets of Egypt, Indonesia, and Vietnam, accumulating over 10 million users globally.
Earlier this year, the company reported improved financial performance, noting a 19% year-over-year increase in rental bookings to approximately 103,600 reservations for its third fiscal quarter. Zoomcar also highlighted substantial growth in its contribution profit, alongside a net loss for the quarter of around $7.9 million.
Zoomcar stressed that despite the seriousness of this cybersecurity incident, its business operations remain unaffected.
