zoomcar logo with data breach text and 8.4 million

Car-sharing leader Zoomcar Holdings, Inc. has reported a significant cybersecurity breach that has compromised the sensitive personal information of approximately 8.4 million users.

Discovered on June 9, 2025, this incident marks one of the largest data exposures in the mobility sector, underscoring persistent vulnerabilities in cloud infrastructure security.

According to an SEC Form 8-K filing, unauthorized actors gained access to the company’s information systems, exposing users' names, phone numbers, vehicle registration details, personal addresses, and email addresses.

The breach was revealed when Zoomcar employees received communications from the threat actors claiming they had accessed the company’s databases without authorization.

It appears that the attack specifically targeted a dataset containing personally identifiable information (PII) rather than compromising the entire company infrastructure.

zoomcar logo with data breach text and 8.4 million zoomcar logo with data breach text and 8.4 million

The SEC disclosure indicates that the compromised data repository included critical user information such as full names, mobile phone numbers, vehicle registration numbers, residential addresses, and email addresses linked to user accounts.

Cybersecurity experts suggest that this type of data exposure aligns with typical patterns of Advanced Persistent Threat (APT) attacks, where malicious actors conduct reconnaissance before extracting valuable datasets.

The breach methodology indicates potential weaknesses in the company’s access control mechanisms and network segmentation protocols.

Fortunately, Zoomcar’s preliminary investigation shows that financial information, including payment card data and bank account details, remained secure.

Additionally, plaintext passwords and other sensitive authentication credentials were not compromised, indicating that the company employed effective password hashing algorithms and secure credential storage practices.

The scale of the breach affects around 8.4 million users across Zoomcar’s operational markets, making it a significant incident that requires mandatory disclosure under various data protection regulations.

zoomcar logo with lock sign and 8.4 million users textzoomcar logo with lock sign and 8.4 million users text

The exposed personal information could be exploited for identity theft, social engineering attacks, or targeted phishing campaigns against affected users.

Upon discovering the security incident, Zoomcar promptly activated its incident response plan, adhering to established cybersecurity frameworks such as the NIST Cybersecurity Framework protocols.

The company’s security team implemented containment measures to prevent further unauthorized access and initiated a forensic analysis to determine the attack vector and scope of the compromise.

Immediate response actions included isolating affected systems, enhancing network monitoring tools, and conducting thorough security audits across their cloud infrastructure.

To bolster their investigation and security measures, the company has engaged third-party cybersecurity specialists.