Breach taxonomy
Summary
On June 9, 2025, Zoomcar Holdings detected unauthorized access to its platform systems, resulting in the exfiltration of personally identifiable information for approximately 8.4 million users. The exposed data included names, email addresses, phone numbers, and other user profile information. The company took steps to contain the breach, notified affected users, and engaged cybersecurity experts and law enforcement.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to a specific actor → UNKNOWN.
MethodsData Exfil
Unauthorized actor actively accessed and exfiltrated user PII from the company's platform → DATA-EXFIL.
AssetsPersonal Data
Approximately 8.4 million users' personally identifiable information (names, emails, phone numbers) was exfiltrated → PERSONAL-DATA.