Zoomcar Holdings, a peer-to-peer car-sharing platform operating primarily in India and Southeast Asia, says it has realized a significant cybersecurity breach affecting approximately 8.4 million users. The breach was first identified on June 9, 2025, when several Zoomcar employees received external communications from a threat actor claiming unauthorized access to company systems.
Upon learning of the incident, Zoomcar activated its internal incident response plan, launched a formal investigation, and began working with external cybersecurity experts to assess the scope and origin of the attack. The company’s preliminary analysis confirmed that a third party had accessed a limited dataset containing personal user information, including:
• Names
• Phone numbers
• Car registration numbers
• Personal addresses
• Email addresses
Zoomcar emphasized that, at this stage, there is no evidence suggesting that financial information, plaintext passwords, or other high-risk identifiers were compromised.
