Zoomcar confirms data breach exposed info on 8.4 million users.
The Bengaluru-based car-sharing startup discovered the hack on June 9. Hackers accessed names, phone numbers, and car registration numbers. No financial info or plaintext passwords were hit, Zoomcar said in its SEC filing.
The issue came to light after employees received messages from the threat actor claiming access to company data. Zoomcar triggered its incident response immediately. 
The company has now added more safeguards, boosted system monitoring, and is reviewing access controls. It’s also working with cybersecurity experts and law enforcement.
“Upon discovery, the company promptly activated its incident response plan,” Zoomcar stated.
“No evidence that financial information, plaintext passwords, or other sensitive identifiers” were leaked.
Zoomcar hasn’t confirmed if customers have been notified or shared info about the hacker. TechCrunch reached out to Zoomcar and will update when they respond.
Zoomcar runs in 99 cities with 25,000+ cars and over 10 million users. It recently reported a 19% year-on-year jump in rentals to 103,599 bookings but still posted a $7.9 million net loss.
“To date, the incident has not resulted in any material disruption to the company’s operations,” Zoomcar said.
