Zoomcar Data Breach Exposes Personal Info of 8.4 Million Users

Zoomcar, the popular car-sharing platform based in India, has confirmed a major data breach. The company said that a hacker gained access to the personal data of over 8.4 million users.

The stolen data includes:

• Full names
  
• Phone numbers
  
• Car registration numbers
  

Thankfully, no financial details or plain-text passwords appear to have been leaked, according to the company.

What Happened?

Zoomcar discovered the breach on June 9, 2025, after some employees got suspicious messages. These came from someone claiming to have accessed Zoomcar’s internal systems.

In response, Zoomcar said it immediately activated its incident response plan and began investigating.

The company also filed a formal report with the U.S. Securities and Exchange Commission (SEC) to disclose the breach.

What Data Was Compromised?

According to Zoomcar’s filing, the following customer information may have been exposed:

• Names
  
• Contact numbers
  
• Vehicle registration details
  

However, Zoomcar said there’s no sign that sensitive details like:

• Bank info
  
• Passwords (in readable form)
  
• Government IDs
  

were accessed during the breach.

How Is Zoomcar Handling It?

Zoomcar says it’s taking the breach seriously. Here’s what the company claims to have done so far:

1. Boosted its internal security — including cloud and network protections.
   
2. Increased system monitoring — to catch any suspicious activity early.
   
3. Reviewed access controls — to tighten who can reach sensitive systems.
   
4. Called in outside experts — cybersecurity firms are now helping with the investigation.
   
5. Informed authorities — the company is working with law enforcement and regulators.
   

However, Zoomcar has not yet confirmed whether it has directly notified the users who were affected.

Is the Hacker Identified?

At this time, no details have been shared about the hacker or how exactly they broke into Zoomcar’s systems.

Tech reporters are still waiting for updates from the company about:

• Whether the breach is ongoing
  
• If user data has been sold or leaked
  
• Whether users need to take any action
  

Business Still Running

Despite the breach, Zoomcar said it hasn’t faced any major disruption to its operations. Its service remains available in all the markets where it operates.About Zoomcar

Here’s a quick refresher on Zoomcar:

• Founded in 2013
  
• Lets users rent cars by the hour, day, week, or month
  
• Operates in 99 cities
  
• Has more than 25,000 cars listed
  
• Serves over 10 million users
  
• Also active in Egypt, Indonesia, and Vietnam
  

Earlier this year, Zoomcar posted:

• A 19% jump in bookings, with over 100,000 rentals in one quarter
  
• Contribution profit of $1.28 million
  
• Net loss of $7.9 million
  

Key Takeaways

• Zoomcar confirmed a data breach affecting 8.4 million users.
  
• Stolen info includes names, phone numbers, and car registration numbers.
  
• No bank data or passwords are believed to be compromised.
  
• The company is working with cybersecurity experts and authorities.
  
• No service interruption has occurred, but users haven’t been directly alerted yet.
  

Final Thoughts

This breach highlights once again how even trusted platforms can become targets of cyberattacks. While Zoomcar has taken steps to tighten its security, the lack of direct communication with users raises concerns.

If you’re a Zoomcar user:

• Stay alert for suspicious messages.
  
• Monitor any accounts linked to your car rental history.
  
• Consider changing passwords if you reused them across platforms.