Zoomcar Data Breach Exposes Personal Info of 8.4 Million Users
Zoomcar Holdings, a peer-to-peer car-sharing company that connects car owners with renters, has revealed that its information systems were accessed without permission, affecting approximately 8.4 million users.
The Bengaluru-based firm discovered this cybersecurity incident on June 9, 2025, after some of its staff received messages from a hacker claiming to possess company data. According to Zoomcar’s official disclosure to the US Securities Exchange Commission (SEC), the unauthorized party gained access to a specific collection of personal details.
This included users’ names, phone numbers, car registration numbers, home addresses, and email addresses. Importantly, the company has stated that current evidence suggests financial information, actual passwords, or other highly sensitive identification numbers were not compromised in this event.
Founded in 2013, Zoomcar has become a significant player in the car-sharing market, with over 10 million users and a fleet of more than 25,000 cars. Its operations span 99 cities across several countries, including India, Egypt, Indonesia, and Vietnam.
Following the discovery, Zoomcar immediately activated its plan for dealing with such incidents. Measures taken include adding extra security features to its cloud and internal networks, increasing monitoring of its systems, and re-evaluating who has access permissions.
The company has also brought in external cybersecurity experts to help with their investigation. Moreover, relevant government and law enforcement bodies have been informed, and Zoomcar is working closely with them.
Despite the serious nature of the breach, the company stated, “To date, the incident has not resulted in any material disruption to the Company’s operations.” However, Zoomcar continues to assess the full extent of the event, including possible legal, money-related, and reputation impacts, as well as the costs to fix the issues. It remains uncertain if affected customers have been directly told about the incident or if the identity of the hacker is known.
A History of Security ChallengesThis is not the first time Zoomcar has faced such security issues. In July 2018, the company experienced another major data breach that exposed the details of 3.6 million customers. That earlier incident involved the theft of names, internet addresses (IP addresses), passwords, and phone numbers. The information from that 2018 breach was later found for sale on a dark web marketplace in 2020.
This recent event occurs amidst a period where other large car rental companies, such as Hertz and Avis , have also reported cyberattacks within the last year, highlighting ongoing security challenges across the rental car sector.
“Although this was a large breach, the information compromised does not pose a direct threat to victims’ online accounts or finances,” explained Paul Bischoff, Consumer Privacy Advocate at Comparitech.
“Victims should be on the lookout for targeted phishing messages and scams via text and email. Those messages might pretend to be from Zoomcar or a related company. Never click on links or attachments in unsolicited emails and texts,” he warned.
HackRead
