Zoomcar, a prominent car-sharing platform in India, has revealed that a cyber attack has resulted in the unauthorized access of personal data belonging to approximately 8.4 million customers. The breach, which was detected on June 9, involved the compromise of names, phone numbers, and car registration numbers, as disclosed in a filing with the U.S. Securities and Exchange Commission (SEC).
The discovery of the breach was made after a threat actor contacted employees of Zoomcar, claiming to have gained access to the company’s data. Following this, the company swiftly activated its incident response plan, as stated in its filing. It is emphasized that the breach did not affect financial information, plaintext passwords, or other sensitive identifiers.
In response to the incident, Zoomcar has enhanced its cybersecurity measures, which include strengthened cloud and network safeguards, increased monitoring of its systems, and a thorough review of access controls. The company is working in collaboration with external cybersecurity experts and has informed the relevant regulatory and law enforcement authorities, committing to full cooperation with ongoing investigations.
At this point, Zoomcar has not confirmed whether the affected customers have been notified or provided details regarding the identity of the hacker. TechCrunch has reached out to the company for further clarification and will update with new information as it becomes available.
Founded in 2013, Zoomcar operates in 99 cities across India, Egypt, Indonesia, and Vietnam, offering over 25,000 cars for rent under flexible terms. With a user base exceeding 10 million, the company reported a 19% year-over-year increase in car rentals, reaching 103,599 bookings in February. This was accompanied by a 500% surge in contribution profit to $1.28 million, despite incurring a net loss of $7.9 million.
Zoomcar has assured that the breach has not resulted in significant disruptions to its operations.
Source Link
