Indian car-sharing marketplace Zoomcar has revealed that a hacker accessed the personal data of at least 8.4 million customers, including their names, phone numbers, and car registration numbers.

The Bengaluru-headquartered company identified the incident involving unauthorized access to its information systems on June 9, per its filing with the U.S. Securities and Exchange Commission. The company stated that it became aware of the incident after some of its employees received external communications from a threat actor who claimed to have gained access to the company’s data.

“Upon discovery, the company promptly activated its incident response plan,” said Zoomcar in its filing.

The company said there was “no evidence that financial information, plaintext passwords, or other sensitive identifiers” were compromised in the breach.

Responding to the incident, Zoomcar said it implemented “additional safeguards across the cloud and internal network, increasing system monitoring, and reviewing access controls,” without providing further details. The company also stated that it is engaging with third-party cybersecurity experts and has notified “appropriate regulatory and law enforcement authorities and is cooperating fully with their inquiries.”

However, Zoomcar has not yet said if it has informed affected customers about the incident, and whether it has any information about the hacker.

TechCrunch has reached out to Zoomcar, asking these questions and more, and will update this article when the company responds.

Founded in 2013, Zoomcar allows customers to rent cars on a monthly, weekly, daily, and hourly basis. The company operates in 99 cities with over 25,000 cars and has more than 10 million users, per the data available on its investor relations website. In addition to India, the company operates in Egypt, Indonesia, and Vietnam.

In February, Zoomcar reported a 19% year-on-year increase in car rentals to 103,599 bookings. Contribution profit jumped over 500% to $1.28 million, while net loss stood at $7.9 million.

“To date, the incident has not resulted in any material disruption to the company’s operations,” the company said.