Australian insurer Prosura reports data breach, extortion attempt
Learn More
Prosura, an Australian car insurance provider, reports a data breach after attackers broke into its IT systems on January 1, 2026. The company, which also trades as Hiccup and links to the rental site VroomVroomVroom, discovered the intrusion on January 3.
The attacker gained access to customer records and began emailing victims directly to pressure the firm into a payment.
The attacker claims they found a security flaw and tried to report it for a reward. They allege Prosura ignored their warnings and left the system open. To force a response, the attacker sent emails to customers containing specific policy numbers and fake policy extensions. Prosura shut down its online portal and stopped policy sales while it investigates the breach.
The exposed data includes:
- Full names and email addresses
- Phone numbers and country of residency
- Travel destinations and travel dates
- Invoicing and pricing data
- Policy start and end dates
- Driver’s licenses and claim images
The number of affected individuals is not disclosed. The firm notified authorities in Australia and New Zealand about the event.
Security experts advise customers to watch for identity fraud and phishing attempts any messages from the attacker.
