Zoomcar, the car rental platform, has suffered a significant data breach, compromising the personal information of approximately 8.4 million users. The company disclosed the incident in a filing with the U.S. Securities and Exchange Commission (SEC) on June 17, revealing that the breach was detected on June 9. The compromised data includes names, phone numbers, email addresses, car registration numbers, and personal addresses. Zoomcar stated that financial information and plaintext passwords were not accessed. Following the discovery, the company initiated its incident response plan, increased system monitoring, and engaged third-party cybersecurity experts. Law enforcement and regulatory authorities have been notified and are receiving cooperation. While the company assesses the impact, no direct communication has been made to affected users, and the identity of the threat actor remains undisclosed.
