Zoomcar Data Breach 2025: Hacker Claims Access to 8.4 Million User Records


Indian car-sharing platform Zoomcar has confirmed a major data breach affecting 8.4 million users. While there was no disruption to services, personal data was accessed, though financial information and plaintext passwords were reportedly unaffected. The attackers are now reportedly extorting the company, threatening to publicly release the stolen data unless a ransom is paid.

Severity Level: High

Incident Details

  • Overview: On June 9, 2025, Zoomcar Holdings, Inc. discovered a cybersecurity incident involving unauthorized access to its information systems. The company became aware of the breach after several employees received external communications from a threat actor claiming to have accessed sensitive company data. The company immediately activated its incident response plan to investigate and mitigate the impact of the breach.
  • Upon further analysis, it was determined that a third-party actor had gained unauthorized access to a limited dataset containing personal information of approximately 8.4 million users.
  • How the Breach Happened: The breach occurred through unauthorized access by a third-party actor to Zoomcar’s internal systems. At this stage, the company has not released further information regarding the exact method of attack but has confirmed that its initial investigation pointed to a targeted breach involving a specific subset of data.
  • Data Stolen During the Breach: The exposed data included personal information associated with approximately 8.4 million users. The specific types of data compromised are:
    • Names
    • Phone numbers
    • Car registration numbers
    • Personal addresses
    • Email addresses
  • No evidence was found that financial data (payment details, banking info), plaintext passwords or password hashes were compromised.
  • The breach was reported to the U.S. SEC, in compliance with U.S. financial reporting standards.
  • Historical note: Zoomcar experienced a similar breach in 2018, exposing the data of 3.5 million users, which was later sold on underground forums.

Recommendations

  1. Ensure timely patching and updates to all endpoints, including operating systems, applications, and third-party software.
  2. Reclassify user data such as car registration numbers, addresses and phone numbers as sensitive.
  3. Encrypt all stored customer PII, even if not classified as financial.
  4. Implement strict data retention policies that ensure data is kept only as long as necessary and properly disposed of when no longer needed.
  5. Zoomcar users should immediately update their account credentials, be vigilant for phishing attempts referencing Zoomcar, and enable multi-factor authentication where possible.
  6. Zoomcar users should monitor for unusual activity on accounts associated with the exposed data.

Sources:

  • https://www.bleepingcomputer.com/news/security/zoomcar-discloses-security-breach-impacting-84-million-users/
  • https://www.sec.gov/Archives/edgar/data/1854275/000121390025054319/ea0245724-8k_zoomcar.htm


Ampcus Cyber