Latest news with #IOAC

Hindustan Times

Car sharing platform Zoomcar reports data breach compromising personal info

Car sharing platform Zoomcar has reported a data breach that compromised the personal information of approximately 8.4 million users. It informed the US Securities and Exchange Commission (SEC) about the June 9 beach on June 13. Zoomcar operates primarily in India, but it is incorporated in the US and listed on the US stock exchange, Nasdaq, after its merger with US-based Innovative International Acquisition Corporation (IOAC). This makes Zoomcar subject to US securities laws and disclosure obligations under the SEC. Initial findings suggest that the breach involved names, phone numbers, email addresses, car registration numbers, and residential addresses. Zoomcar said there is no evidence of any compromise of financial information, plaintext passwords, or other highly sensitive data. In its filing, Zoomcar said it became aware of the breach after employees received messages from a threat actor claiming to have gained unauthorised access to company data. The company activated its incident response plan and launched an internal investigation. 'In response to the incident, the Company has taken immediate actions to contain the threat and enhance its security posture. These measures include implementing additional safeguards across the cloud and internal network, increasing system monitoring, and reviewing access controls,' said the company in the filing. Zoomcar publishes its SEC filings on its investor relations website, but this disclosure was not available there at the time of reporting. Instead, the filing was on the SEC's website. A press release from the company is expected later in the day. According to a 2020 Inc42 report, a security researcher found a database of 9.1 million Zoomcar users sold on the dark web for as little as $1, while the full set was priced at $300. The hacker claimed to have breached the company in 2018. The data included names, emails, phone numbers, IP addresses, and encrypted passwords. In a shareholder document ahead of its planned merger with IOAC in 2023, Zoomcar cautioned investors about potential risks related to its business. Under the section titled 'Risks Related to Zoomcar's Business,' the company acknowledged past cybersecurity issues. 'From time to time, and most recently in 2018, we have experienced security incidents or attempted attacks, and in some instances, individuals have had their personal information compromised. We conduct investigations when we become aware of such incidents and/or attempted attacks (although our investigations may not be able to determine the method of attack) and may notify affected persons, as necessary,' said the document, a copy of which HT has seen.