Indian car-sharing platform Zoomcar has reported a data breach that exposed personal information of at least 8.4 million customers. The stolen data includes names, phone numbers, and car registration numbers.
The Bengaluru-based company revealed the breach in a filing with the U.S. Securities and Exchange Commission. Zoomcar said it discovered the incident on June 9. The company learned about the breach after employees received messages from a hacker claiming to have accessed company data.
“Upon discovery, the company promptly activated its incident response plan,” Zoomcar said in its filing.
The company assured that no financial data, plain-text passwords, or other sensitive details were exposed.
Zoomcar said it has taken steps to strengthen its security. This includes adding new safeguards across its cloud services and internal networks, increasing system monitoring, and reviewing who has access to its systems. The company did not share further details about these actions.
Zoomcar also said it is working with outside cybersecurity experts. It has informed regulators and law enforcement and is cooperating with their investigations.
So far, Zoomcar has not said whether it has notified affected customers. It also has not provided information about the hacker or how the breach occurred.
Founded in 2013, Zoomcar allows customers to rent cars by the hour, day, week, or month. The company operates more than 25,000 cars in 99 cities and serves over 10 million users. In addition to India, Zoomcar has operations in Egypt, Indonesia, and Vietnam.
Earlier this year, Zoomcar reported strong business growth. Car rentals rose 19% year-over-year to 103,599 bookings in February. The company’s contribution profit increased more than 500% to $1.28 million, though it still recorded a net loss of $7.9 million.
Zoomcar said the data breach has not caused any major disruption to its services so far.
