India's car sharing marketplace Zoomcar has revealed that hackers have access to personal data from at least 8.4 million customers, including names, phone numbers and car registration numbers.
Bengaluru Headquarted Company identified an incident on June 9th involving unauthorized access to the information system, in accordance with its filing with the Securities and Exchange Commission. The company said it noticed the incident after receiving external communications from threat actors who claimed that some of its employees had access to the company's data.
“After discovery, the company immediately activated its incident response plan,” Zoomcar said in the filing.
“There is no evidence that financial information, plaintext passwords, or other confidential identifiers have been breached in violation,” the company said.
In response to the incident, Zoomcar said it has implemented “additional protection measures across the cloud and internal network, increased system monitoring, and review of access controls.” The company also said it is involved with third-party cybersecurity experts, “we have notified appropriate regulatory and law enforcement authorities and are fully cooperating with their inquiries.”
However, Zoomcar has not yet said whether it has notified affected customers about the incident and whether there is information about the hackers.
TechCrunch contacts Zoomcar and asks these questions and more and updates this article when the company responds.
Founded in 2013, Zoomcar allows customers to rent cars monthly, weekly, daily, hourly. The company operates in 99 cities with over 25,000 cars and has over 10 million users according to data available on the Investor Relations website. In addition to India, the company operates in Egypt, Indonesia and Vietnam.
In February, Zoomcar reported a 19% increase in car rentals to 103,599 bookings, a year-over-year increase. Contributions were over 500%, exceeding $1.28 million, with a net loss of $7.9 million.
“To date, this incident has not caused any serious disruption to the company's business,” the company said.