- Zoomcar filed a new 8-k form with SEC confirming Cyberattack
- It found out the attack from the threat actors
- Over 8 million users could have had their personal data stolen
Car Sharing Marketplace Zoomcar has suffered a cyberattack where it lost sensitive information about millions of customers.
In a new 8-k form submitted to the US Securities and Exchange Commission (SEC), the company said it was made aware of the attack on June 9, 2025, and a subsequent study determined that threat actors managed to steal, “a limited data set containing certain personal information about a subgroup of about 8.4 million users”.
It includes people’s names, phone numbers, car registration numbers, mailing addresses and E -email addresses -but at this point Zoomcar says it has no reason to believe that financial information, passwords or other sensitive identifiers were compromised.
No disturbance
In response to the attack, the company activated its incident response plan and took “immediate action” to contain the threat.
However, this was apparently too little too late as the company was actually made aware of the incident of the threat actors themselves.
Zoomcar said the hackers reached “certain employees” where they claimed to have done the violation, which suggested that they dwell on the systems long enough to wipe out the information they sought.
It was not explained why attackers reached their victims, but it is safe to assume that they required payment in return to delete the stolen files. T.
He wording of 8-K filing suggests that Zoomcar did not pay any ransom. Instead, it implemented “additional protective measures” across the cloud and the internal network, increased system monitoring and underwent access control.
In addition, it brought in a third-party cybersecurity expert for further assistance and informed regulators and police of the incident.
“To date, the incident has not resulted in any significant disruption of the company’s operations,” concluded Zoomcar.
However, the company continues to evaluate the scope and potential effects of the event, including legal, financial and reputation considerations, as well as any associated remediation costs.
Via Techcrunch
