Zoomcar Holdings (Zoomcar) has disclosed that unauthorized accessed its system led to a data breach impacting 8.4 million users.
The incident was detected on June 9, after a threat actor emailed company employees alerting them of a cyberattack.
Although there has been no material disruption to services, the company’s internal investigation confirmed that sensitive data belonging to a subset of its customers has been compromised.
Zoomcar is an Indian peer-to-peer car-sharing marketplace that connects car owners with renters across emerging markets in Asia, offering short and medium-term vehicle rentals.
The company became a U.S.‑listed, Delaware‑registered public company in late 2023, following a merger with an American blank-check firm IOAC, and its shares are now traded in Nasdaq (ZCAR).
Adhering to U.S. financial reporting standards, the company is required report the incident to the U.S. Securities and Exchange Commission (SEC).
“On June 9, 2025, Zoomcar Holdings, Inc. identified a cybersecurity incident involving unauthorized access to its information systems,” the company informs.
“The Company became aware of the incident after certain employees received external communications from a threat actor alleging unauthorized access to Company data.”
The results of its preliminary investigation show that the following data for 8.4 million customers has been exposed to an unauthorized party:
Full name
... continue reading