Indian car-sharing marketplace Zoomcar has disclosed a significant data breach, revealing that a hacker gained unauthorized access to the personal information of at least 8.4 million customers. The compromised data includes sensitive details such as customers' names, phone numbers, and car registration numbers. The Bengaluru-headquartered company identified the security incident on June 9, as detailed in its filing with the U.S. Securities and Exchange Commission.

Zoomcar became aware of the breach after several of its employees received external communications from a threat actor who asserted they had obtained access to the company’s data. Following this discovery, Zoomcar promptly activated its incident response plan. The company reassured stakeholders by stating there was no evidence that financial information, plaintext passwords, or other highly sensitive identifiers were compromised during the breach.

In response to the incident, Zoomcar has implemented additional safeguards across its cloud infrastructure and internal network. This includes increased system monitoring and a comprehensive review of access controls, although specific details regarding these measures were not provided. The company has also engaged third-party cybersecurity experts to assist with the investigation and remediation efforts. Furthermore, Zoomcar has notified appropriate regulatory and law enforcement authorities and is cooperating fully with their ongoing inquiries.

Despite these actions, Zoomcar has not yet publicly confirmed whether it has informed the affected customers about the incident or provided any information regarding the identity of the hacker. TechCrunch has attempted to reach out to Zoomcar for further clarification on these critical aspects.

Founded in 2013, Zoomcar operates as a car-sharing marketplace, offering vehicle rentals on monthly, weekly, daily, and hourly bases. The company boasts a substantial footprint, operating in 99 cities with a fleet of over 25,000 cars and serving more than 10 million users, according to data available on its investor relations website. Beyond its strong presence in India, Zoomcar also extends its services to Egypt, Indonesia, and Vietnam.

Financially, Zoomcar recently reported a 19% year-on-year increase in car rentals, reaching 103,599 bookings. The company’s contribution profit experienced a significant jump of over 500% to $1.28 million, although it recorded a net loss of $7.9 million. Despite the severity of the data breach, Zoomcar stated that “to date, the incident has not resulted in any material disruption to the company’s operations.”