Over 8M exposed after major car-sharing app breach

Last updated: 16 June 2025
Zoomcar data leak exposes millions
Image by Cybernews.

Zoomcar, India’s largest peer-to-peer car-sharing app, has suffered a data breach. The sensitive details of millions of customers have been exposed.

The NASDAQ-listed company announced the breach via SEC 8-K filing, saying it identified the incident on June 9th. Interestingly, according to the filing, attackers contacted Zoomcar’s employees, informing them that the company’s system was broken.

“The Company became aware of the incident after certain employees received external communications from a threat actor alleging unauthorized access to Company data,” reads the filing.

ADVERTISEMENT
Gintaras Radauskas Stefanie Paulina Okunyte Niamh Ancell BW
Stay informed and get our latest stories on Google News
Google News Follow us

A subsequent incident investigation revealed that attackers managed to access a “limited dataset” that stored personal data of 8.4 million individuals. According to the company, the compromised user details include:

  • Names
  • Phone numbers
  • Car registration numbers
  • Personal addresses
  • Personal addresses
  • Email addresses

The company stressed that there is no indication that “financial information, plaintext passwords, or other sensitive identifiers were compromised” so far.

However, skilled attackers could use the stolen data to create a full personal profile of a person, including what type of vehicle they own and where they live. Attackers could utilize these details for burglary.

“In response to the incident, the company has taken immediate actions to contain the threat and enhance its security posture. These measures include implementing additional safeguards across the cloud and internal network, increasing system monitoring, and reviewing access controls,” Zoomcar said.

“In response to the incident, the company has taken immediate actions to contain the threat and enhance its security posture. These measures include implementing additional safeguards across the cloud and internal network, increasing system monitoring, and reviewing access controls,”

Zoomcar said.

The company added that the attack didn’t cause any operational disruption.

ADVERTISEMENT

Established in 2013, Zoomcar operates in tens of Indian cities. In 2018, it also suffered a data breach, when over 3.5 million records were stolen, exposing names, IP addresses, and other sensitive user data.

Share
Post
Share
Share
Share
More from Cybernews
iPhone wingman app leaks 160K chat screenshots
Hackers can target Teslas and other EVs through public chargers
Oh, the irony: Wimbledon’s new automated system plagued by human errors
Over 26,000 Bitcoin Depot customers learn of data breach one year later
Meta continues its $100M AI talent poaching spree: now it's after Apple
Ukraine shoots “special sanctions” at Russian crypto entities
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked