Zoomcar, a prominent Indian tech firm, has become the victim of a significant data breach impacting 8.4 million users. The company reported the security incident to the SEC on June 17, detailing that the breach was discovered on June 9 after some employees received messages indicating unauthorized access to internal data. The compromised data includes names, phone numbers, email addresses, car registration numbers, and personal addresses. Zoomcar has asserted that financial data and plaintext passwords were not compromised. The company has activated its incident response plan, increased surveillance, and engaged external cybersecurity professionals. Law enforcement and regulatory bodies are involved, but affected users have not yet been directly notified, and the identity of the threat actor remains unknown.
