Millions of Zoomcar users have had their personal data breached by an unauthorised third party.
The Indian-based car sharing platform, which connects car owners with renters for short and medium-term rentals, said that 8.4 million of its 10 million users were affected by the breach. The information stolen included names, phone numbers, car registration numbers, personal addresses and email addresses.
"At this time, there is no evidence that financial information, plaintext passwords, or other sensitive identifiers were compromised," stated the US Securities and Exchange Commission in a release.
Zoomcar was made aware of the breach on June 9, when some of its employees were contacted by a threat actor, who stated they had gained access to the company's data.
Upon contact from the hacker, Zoomcar initiated its incident response plan: "These measures include implementing additional safeguards across the cloud and internal network, increasing system monitoring, and reviewing access controls."
Zoomcar is also using cybersecurity experts outside the company to help investigate the breach and has notified regulatory and law enforcement authorities, assisting as need be.
The type of the attack is yet to be confirmed and no ransomware group has put their hand up in relation to the attack.
This isn't the first time Zoomcar has had customer data stolen. In 2018 more than 3.5 million of its users had info including names, phone numbers, email addresses, emailed, and IP addresses exposed and then offered for sale on the dark web.
