Overview

• On June 9, Zoomcar staff were alerted by a threat actor email, leading the company to uncover unauthorized access to its information systems.
• Sensitive customer details – including full names, phone numbers, car registration numbers, home addresses and email addresses of 8.4 million users – were exposed.
• Zoomcar reports no evidence that financial data, plaintext passwords or other sensitive identifiers were compromised in the breach.
• The company has activated its incident response plan, implemented enhanced cloud and network controls and engaged third-party cybersecurity experts.
• Zoomcar has informed the U.S. Securities and Exchange Commission and law enforcement authorities and continues to operate without material disruption.