Zoomcar Data Breach Exposes 8.4 Million Users
▼ Summary
– Zoomcar Holdings disclosed a data breach affecting 8.4 million users due to unauthorized system access detected on June 9, 2025.
– The breach exposed sensitive customer data, including full names, phone numbers, car registration numbers, home addresses, and email addresses.
– No financial information, plaintext passwords, or highly sensitive data were compromised, and services remain operational without material disruption.
– Zoomcar, a Nasdaq-listed company (ZCAR), must report the incident to the SEC under U.S. financial reporting standards.
– This is Zoomcar’s second major breach, following a 2018 incident where data of 3.5 million customers was leaked and later sold on an underground marketplace.
Zoomcar, a leading car-sharing platform, has confirmed a significant data breach affecting 8.4 million users after hackers infiltrated its systems earlier this month. The company detected the intrusion on June 9 when employees received unsolicited emails from cybercriminals claiming unauthorized access to sensitive information.
While Zoomcar’s services remain operational, internal investigations revealed that personal details of a substantial portion of its user base were compromised. The platform, which facilitates peer-to-peer vehicle rentals across Asia, went public in late 2023 through a merger with a U.S.-based special purpose acquisition company (SPAC) and now trades on Nasdaq under the ticker ZCAR.
As a publicly listed entity, Zoomcar is obligated to disclose cybersecurity incidents to the SEC, which it did in a formal statement. The breach exposed critical customer data, including full names, phone numbers, email addresses, home addresses, and vehicle registration details. Fortunately, financial records, passwords, and other high-risk identifiers were not accessed, according to the company.
Zoomcar emphasized that the full extent of the breach is still under review, and the attack method remains unclear. No ransomware group has claimed responsibility so far. This isn’t the first time the company has faced such an issue, in 2018, a separate breach leaked data belonging to 3.5 million users, including hashed passwords, which later surfaced for sale on dark web forums.
The latest incident raises concerns about data security in the rapidly growing car-sharing sector, particularly as digital platforms handle increasing volumes of sensitive user information. Zoomcar has yet to provide further details on mitigation efforts or whether affected customers will receive additional protections.
Efforts to obtain clarification from the company regarding the breach’s specifics have so far gone unanswered. Users are advised to monitor their accounts for suspicious activity and consider updating login credentials as a precautionary measure.
(Source: Bleeping Computer)
