Another day, another data breach. This time, it is India’s car-sharing giant Zoomcar. The company has confirmed that a hacker managed to access the personal data of over 8.4 million users.
The data includes names, phone numbers, and car registration details. The incident came to light after some Zoomcar employees started receiving messages from a threat actor who claimed to have stolen the company’s data.
Zoomcar says the breach happened on June 9, and they acted quickly by activating their incident response plan. In a filing with the U.S. SEC, Zoomcar said they have already taken steps like boosting internal security, tightening access controls, and increasing system monitoring. They have also roped in third-party cybersecurity experts to investigate. Zoomcar also claims that the incident hasn’t disrupted their business operations.
The good news, at least for now, is that no financial information, plain-text passwords, or highly sensitive IDs were compromised in the breach. However, the company hasn’t confirmed if affected users have been informed. And we still do not know who the hacker is or if the data is floating around online.
That’s worrying, especially for a company that operates in 99 cities with over 25,000 cars and claims more than 10 million users globally. Apart from India, Zoomcar also operates in countries like Egypt, Indonesia, and Vietnam.
It is important to note that phone numbers and car registration data can be misused. And if hackers are already contacting employees, it’s hard not to wonder what else they are planning to do with it.
Zoomcar must be more transparent about what happened, and more importantly, what they are doing next. For users, the question is simple: can they still trust the platform?
