Zoomcar Hit by Cyber Attack, 8.4 Mn Users’ Data Compromised Amid Financial Struggles
Zoomcar, the Nasdaq-listed self-drive car rental platform, has confirmed a major data breach, exposing the personal information of 8.4 million users, according to a filing with the U.S. Securities and Exchange Commission (SEC).
What Was Breached?
The exposed data includes:
- Names
- Phone numbers
- Email addresses
- Car registration details
- Residential addresses
Zoomcar has stated that there is no evidence of financial data or passwords being leaked. The breach was discovered after employees received threats from a hacker claiming unauthorized access.
Immediate Response and Mitigation Steps
Upon detecting the breach, Zoomcar activated its incident response plan and:
- Reported the incident to regulatory and law enforcement agencies
- Implemented new cybersecurity safeguards
- Enhanced monitoring systems and access controls
However, the company has not clarified whether affected users have been directly notified or disclosed the extent of the long-term impact.
A Blow Amid Deep Financial Turmoil
This cyber attack hits as Zoomcar battles severe financial instability:
- Reported $7.9 million in losses in Q4, though improved from the prior year
- Maintains negative working capital of $40.8 million
- Struggles to meet operational and financial obligations
- Warned that without additional funding, it cannot sustain operations beyond 2025
The company’s revenue remains stagnant at $2.5 million, and total expenses were cut drastically to $5.7 million.
Leadership and Structural Challenges
- Former CEO Hiroshi Nishijima resigned in May
- Deepankar Tiwari, ex-Uber APAC executive, was appointed as new CEO
- Originally founded in 2013, Zoomcar went public via a SPAC deal in December 2023
The breach further undermines user trust at a time when Zoomcar is already under pressure to deliver growth, raise funds, and restructure operations.
Cybercrime Rising in India
Zoomcar’s breach is part of a growing wave of digital fraud in India. According to the Finance Ministry, there were 2.4 million digital fraud incidents amounting to INR 4,245 Cr in just the first 10 months of FY25. Recently, scam websites like “Jio Eat” have emerged, imitating trusted brands to trap users.
With mounting financial risk, regulatory scrutiny, and now data security challenges, Zoomcar’s path ahead appears increasingly precarious.
