8.4 million people affected by data breach at Indian car share company Zoomcar

Indian car share company Zoomcar said hackers stole the personal information of 8.4 million users in an incident discovered last week. 

The Bengaluru-based company reported the incident to the U.S. Securities Exchange Commission (SEC) on Friday, telling investors that the company initially became aware of the breach on June 9. The hacker contacted employees of the company claiming to have breached systems and stolen data. 

“Based on preliminary findings, the Company determined that an unauthorized third party accessed a limited dataset containing certain personal information of a subset of approximately 8.4 million users,” the company said.

The breach includes names, phone numbers, car registration numbers, addresses and emails. The company is investigating the breach but said there is currently no evidence that financial information or passwords were stolen. 

Additional safeguards have been implemented and a cybersecurity firm has been hired to help with the response. Zoomcar said it does not expect the incident to affect the company’s operation but may lead to reputational and remediation costs. The company did not respond to requests for comment.

Founded in 2013, Zoomcar now operates in 99 cities across India, allowing people to offer their cars for rental to the platform’s more than 10 million users. 

Zoomcar previously had a massive data breach in July 2018 that included the names, IP addresses, passwords and phone numbers of 3.6 million customers. The data was eventually sold on a dark web marketplace in 2020. 

Several of the largest rental car companies in the world have had data breaches caused by cyberattacks over the last 12 months. 

Hertz, which owns its eponymous car rental company as well as top brands like Dollar and Thrifty, reported an incident in April affecting at least 100,000 U.S. residents and Avis dealt with a cyberattack in August 2024 that leaked the information of almost 300,000 people.

CybercrimeNewsNews Briefs
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

Anubis Ransomware Encrypts and Wipes Files, Making Recovery Impossible Even After Payment

Next Post

U.S. Seizes $7.74M in Crypto Tied to North Korea’s Global Fake IT Worker Network

Related Posts

Simple Steps for Attack Surface Reduction

Story teaser text: Cybersecurity leaders face mounting pressure to stop attacks before they start, and the best defense may come down to the settings you choose on day one. In this piece, Yuriy Tsibere explores how default policies like deny-by-default, MFA enforcement, and application Ringfencing ™ can eliminate entire categories of risk. From disabling Office macros to blocking outbound server
Read More

A New Maturity Model for Browser Security: Closing the Last-Mile Risk

Despite years of investment in Zero Trust, SSE, and endpoint protection, many enterprises are still leaving one critical layer exposed: the browser. It’s where 85% of modern work now happens. It’s also where copy/paste actions, unsanctioned GenAI usage, rogue extensions, and personal devices create a risk surface that most security stacks weren’t designed to handle. For security leaders who know
Read More