Zoomcar, India’s leading car-sharing platform, has confirmed that personal data belonging to at least 8.4 million customers was compromised in a cybersecurity incident. The breach, discovered on June 9, 2025, came to light after a threat actor reached out to company employees, claiming unauthorized access to the company’s data.
According to a mandatory disclosure filed with the U.S. Securities and Exchange Commission (SEC), the exposed information includes user names, phone numbers, and car registration numbers. However, Zoomcar stressed that no financial data, plaintext passwords, or other highly sensitive identifiers were accessed.
The company immediately launched its incident response protocol and began working with internal and external cybersecurity experts to contain and assess the damage.
FCRF x CERT-In Roll Out National Cyber Crisis Management Course to Prepare India’s Digital Defenders
Incident Response and Cybersecurity Enhancements Underway
Zoomcar’s SEC filing notes that the breach did not cause any operational disruption. However, the company is taking no chances. As part of its containment and future prevention strategy, Zoomcar has implemented several new cybersecurity measures, including:
- Enhanced cloud and network protection frameworks
- Increased real-time monitoring of systems and user activities
- A full review of access controls and administrative privileges
- Engagement with third-party cybersecurity firms for forensic investigation
Additionally, regulatory and law enforcement authorities have been notified. Zoomcar stated that it is cooperating fully with all investigations, although the identity of the hacker and the extent of data misuse remain unclear.
As of now, it has not been confirmed whether individual users affected by the breach have been directly informed.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
Growth Amid Crisis: Zoomcar’s Expansion and Financial Performance
The breach comes at a time when Zoomcar has been aggressively scaling its operations. Founded in 2013, the company now operates in 99 cities across India, Egypt, Indonesia, and Vietnam, and offers a fleet of over 25,000 cars available on flexible rental terms.
Despite the cybersecurity setback, Zoomcar recently reported strong growth metrics, including:
- Over 10 million registered users
- A 19% year-on-year increase in car rentals, with 103,599 bookings recorded in February 2025
- A 500% surge in contribution profit, reaching $1.28 million(₹10.69 crore)
- A reported net loss of $7.9 million(₹65.97 crore), reflecting continued investment in expansion
Company executives have expressed confidence that the breach, while serious, will not have long-term impacts on operational stability or user growth.