Zoomcar Holdings (Zoomcar) has disclosed a data breach impacting 8.4 million users. The incident was detected on June 9, 2025, after a threat actor emailed company employees alerting them of a cyberattack. Although there has been no material disruption to services, the company’s internal investigation confirmed that sensitive data belonging to a subset of its customers has been compromised. The exposed data includes full names, phone numbers, car registration numbers, home addresses, and email addresses. There is no evidence of exposing users’ financial information, plaintext passwords, or any other sensitive data that could lead to the identification of individuals.
TPRM report: https://scoringcyber.rankiteo.com/company/zoomcar-india-pvt-ltd-
"id": "zoo603061625",
"linkid": "zoomcar-india-pvt-ltd-",
"type": "Cyber Attack",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '8.4 million',
'industry': 'Peer-to-peer car-sharing marketplace',
'location': 'India',
'name': 'Zoomcar Holdings',
'type': 'Company'}],
'data_breach': {'number_of_records_exposed': '8.4 million',
'personally_identifiable_information': True,
'sensitivity_of_data': 'Sensitive',
'type_of_data_compromised': ['Full name',
'Phone number',
'Car registration number',
'Home address',
'Email address']},
'date_detected': '2025-06-09',
'description': "Unauthorized access to Zoomcar's system led to a data breach "
'impacting 8.4 million users.',
'impact': {'data_compromised': ['Full name',
'Phone number',
'Car registration number',
'Home address',
'Email address']},
'investigation_status': 'Preliminary investigation completed, scope and '
'impact still being evaluated',
'references': [{'source': 'BleepingComputer'}],
'regulatory_compliance': {'regulatory_notifications': 'U.S. Securities and '
'Exchange Commission '
'(SEC)'},
'title': 'Zoomcar Data Breach',
'type': 'Data Breach'}