Car-sharing giant Zoomcar recently disclosed a massive data breach impacting the personal data of at least 8.4 million customers. The software firm, based in Bengaluru, India, discovered an incident of unauthorized access to its information systems on June 9. As soon as it discovered, it immediately triggered its incident response plan and started notifying impacted customers.
Zoomcar, which was started in 2013, has quickly scaled up the model. It currently operates in 99 cities across India, Egypt, Indonesia and Vietnam with a fleet of more than 25,000 vehicles and more than 10 million users. The platform allows customers to rent cars on a monthly, weekly, daily, or hourly basis, catering to a diverse range of transportation needs.
While this data breach was alarming, it hasn’t hampered Zoomcar’s success. In just February alone, they made 103,599 bookings which is a stunning 19% YoY increase for car rentals. Moreover, the cost of the company’s contribution profit skyrocketed more than 500%, topping out at $1.28 million. It also announced a net loss of $7.9 million during that same period.
In the case of Teco, the compromised data visible thus far are names, phone numbers, and vehicle registration numbers. Fortunately, Zoomcar stated that there is no evidence that financial information, plaintext passwords, or other sensitive identifiers were accessed during the breach.
Following the incident, Zoomcar has worked with third-party cybersecurity experts to bolster its security protocols. The company announced plans to implement additional safeguards across its cloud and internal network, focusing on increasing system monitoring and reviewing access controls.
“Upon discovery, the company promptly activated its incident response plan.” – Zoomcar
While the investigation proceeds Zoomcar is dedicated to ensuring that its users’ data is kept secure and that its services are untainted.