---
schema_version: "secwatch.filing_event.v1"
accession: "0001213900-25-054319"
form_type: "8-K"
ticker: "ZCAR"
cik: "0001854275"
company_name: "Zoomcar Holdings, Inc."
filed_at: "2025-06-13T23:59:59+00:00"
generated_at: "2026-05-19T09:09:58.639757+00:00"
event_type: "cyber"
sentiment: "negative"
materiality_score: 0.75
calibrated_materiality_score: 0.75
confidence: "high"
source: SEC EDGAR
---

# Zoomcar discloses data breach affecting 8.4 million users’ personal data

## Summary
- Unauthorized third party accessed personal data of approx 8.4 million Zoomcar users, including names, phone numbers, car registration numbers, addresses, and emails.
- No evidence of financial information, plaintext passwords, or other sensitive identifiers being compromised.
- Company activated incident response plan, engaged third-party cybersecurity experts, and notified regulatory and law enforcement authorities.
- Incident has not caused any material disruption to operations to date; company continues to assess legal, financial, and reputational impacts.

## SEC filing metadata
- accession: 0001213900-25-054319
- form_type: 8-K
- ticker: ZCAR
- cik: 0001854275
- company_name: Zoomcar Holdings, Inc.
- filed_at: 2025-06-13T23:59:59+00:00
- event_type: cyber
- sentiment: negative
- materiality_score: 0.75
- calibrated_materiality_score: 0.75
- confidence: high
- sec_items: 1.05
- EDGAR index: https://www.sec.gov/Archives/edgar/data/1854275/000121390025054319/0001213900-25-054319-index.htm
- EDGAR primary document: https://www.sec.gov/Archives/edgar/data/1854275/000121390025054319/ea0245724-8k_zoomcar.htm

## Machine-readable alternates
- HTML: https://secwatch.observer/filing/0001213900-25-054319
- JSON: https://secwatch.observer/filing/0001213900-25-054319.json
- Plain text: https://secwatch.observer/filing/0001213900-25-054319.txt

## Key facts
- Cybersecurity Incidents
  Zoomcar Holdings, Inc. disclosed a cybersecurity incident: cybersecurity incident involving unauthorized access to information systems; an unauthorized third party accessed a limited dataset containing certain personal information of approximately 8.4 million users, including names, phone numbers, car registration numbers, personal addresses and email addre. Impact: To date, the incident has not resulted in any material disruption to the Company's operations; the Company continues to evaluate scope and potential impacts including legal, financial, and reputational considerations and remediation costs. Materiality is still being assessed. Discovered 2025-06-09.
  - Nature: cybersecurity incident involving unauthorized access to information systems; an unauthorized third party accessed a limited dataset containing certain personal information of approximately 8.4 million users, including names, phone numbers, car registration numbers, personal addresses and email addre
  - Impact: To date, the incident has not resulted in any material disruption to the Company's operations; the Company continues to evaluate scope and potential impacts including legal, financial, and reputational considerations and remediation costs
  - Materiality: assessing
  - Discovery: 2025-06-09
  source text: On June 9, 2025, Zoomcar Holdings, Inc. (the “Company”) identified a cybersecurity incident involving unauthorized access to its information systems.
  evidence_url: https://www.sec.gov/Archives/edgar/data/1854275/000121390025054319/0001213900-25-054319-index.htm

This AI-assisted summary is a reading aid. Review the linked SEC EDGAR filing before relying on any specific claim.
