Zoomcar Data Breach: Millions of Users' Personal Info Exposed; Is Financial Data Safe?

Bengaluru-headquartered car-sharing platform Zoomcar has disclosed a significant security breach, revealing that the personal information of at least 8.4 million users has been compromised. The Bengaluru-based company reported that names, contact numbers, and vehicle registration details of its customers were exposed after a hacker managed to infiltrate its systems.

Zoomcar detected the breach on June 9, as mentioned in its regulatory filing with the US Securities and Exchange Commission. The company became aware of the unauthorised access when employees received direct communication from an individual claiming responsibility for the hack. "Upon discovery, the company promptly activated its incident response plan," Zoomcar stated in its filing.

Financial Data Reportedly Safe

While the breach involves substantial personal data, Zoomcar emphasised that there is "no evidence that financial information, plaintext passwords, or other sensitive identifiers" have been accessed or leaked. The company has not elaborated on how the breach occurred or if the perpetrator has been identified.

In response to the incident, Zoomcar said it has tightened security measures, including adding "additional safeguards across the cloud and internal network, increasing system monitoring, and reviewing access controls." The firm is also working closely with external cybersecurity experts and has informed relevant regulatory bodies and law enforcement agencies, pledging full cooperation with ongoing investigations.

Customer Notification Status Unclear

Despite the scale of the breach, Zoomcar has yet to clarify whether affected customers have been directly informed about the incident. The company has also not disclosed any details regarding the hacker’s identity or possible motives.

Zoomcar, which started operations in 2013, allows customers to rent vehicles by the hour, day, week, or month. Its operations span 99 cities with a fleet of over 25,000 vehicles and a user base exceeding 10 million, according to figures listed on its investor website. The platform has also expanded beyond India, offering services in Egypt, Indonesia, and Vietnam.

Business Operations Unaffected So Far

Despite the breach, Zoomcar confirmed that its day-to-day business has not suffered significant disruption. "To date, the incident has not resulted in any material disruption to the company’s operations," it assured in its filing.

The security lapse comes at a time when the company has been reporting robust growth. In February, Zoomcar announced a 19% year-over-year rise in car rentals, with bookings reaching 103,599. Contribution profit saw a sharp increase of over 500% to $1.28 million, although the net loss remained at $7.9 million.

As of now, Zoomcar has not provided any timeline for completing its investigation or disclosing further details. TechCrunch has contacted the company for additional information and awaits a response.

technology