Prosura Insurance Hit by Cyberattack, Customer Data at Risk
Australian and New Zealand insurer Prosura (also operating as Hiccup) has confirmed a cyberattack after a threat actor claimed to have stolen customer data and demanded a deal to prevent its release. The company, which provides rental car accident insurance, has temporarily suspended new policy sales and its online self-service portal while investigating the breach.
Prosura detected unauthorized access to its systems on Saturday, revealing that compromised data may include names, email addresses, phone numbers, travel details, policy information, and claim-related documents, such as driver’s licenses and images. While the company stated that credit card details were not accessed—as it does not store them—it acknowledged that some customers received fraudulent emails related to older policies.
The threat actor, who claimed to have breached Prosura’s systems on New Year’s Day, accused the company of ignoring earlier attempts to report the vulnerability. In an email sent to victims, the attacker referenced specific policy numbers and falsely offered a free "policy extension" dated January 3, pressuring Prosura to respond or face a full data leak.
Prosura founder Mike Boyd confirmed that the attackers had used aggressive tactics, including direct contact with customers, and urged recipients to ignore suspicious messages. The company has notified authorities and implemented additional security measures but has not disclosed the number of affected customers.
The breach follows a string of high-profile cyber incidents in Australia, including attacks on Optus (2022), HWL Ebsworth (2023), and Qantas (2025), highlighting persistent vulnerabilities in corporate cybersecurity. A New Zealand victim, who purchased Prosura insurance through the affiliated VroomVroomVroom rental comparison site in mid-2024, reported receiving the fraudulent email and expressed concerns over potential identity theft risks, particularly regarding exposed personal details like full names and dates of birth.
Prosura has not provided further details on the breach, citing the ongoing investigation.
PROSURA cybersecurity rating report: https://www.rankiteo.com/company/prosura
VroomVroomVroom cybersecurity rating report: https://www.rankiteo.com/company/vroomvroomvroom
Prosura cybersecurity rating report: https://www.rankiteo.com/company/hiccup-insurance
"id": "PROVROHIC1767758793",
"linkid": "prosura, vroomvroomvroom, hiccup-insurance",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Insurance (car excess insurance for '
'rental vehicles)',
'location': 'Australia, New Zealand',
'name': 'Prosura (also trades as Hiccup)',
'type': 'Insurance company'},
{'industry': 'Travel/Automotive (car rental comparison)',
'location': 'Australia, New Zealand',
'name': 'VroomVroomVroom',
'type': 'Car rental comparison website'}],
'attack_vector': 'Unauthorised system access (vulnerability exploitation)',
'customer_advisories': 'Warning about fraudulent emails, generic response to '
'breach inquiries',
'data_breach': {'data_exfiltration': 'Yes (threat actor claims to have '
'obtained all consumer information)',
'personally_identifiable_information': 'Names, email '
'addresses, phone '
'numbers, country of '
"residency, driver's "
'licences and related '
'images',
'sensitivity_of_data': "High (driver's licences, names, "
'contact details, travel data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Policy details',
'Claim data']},
'date_detected': '2025-01-04',
'date_publicly_disclosed': '2025-01-06',
'description': 'Personal information belonging to customers of insurer '
"Prosura has been obtained by a self-described 'threat actor', "
'who has threatened to leak the data unless they strike a deal '
'with the company. Prosura has shut down sales of new policies '
'and its online self-service portal while investigating the '
'incident.',
'impact': {'brand_reputation_impact': 'Negative publicity, loss of customer '
'trust',
'customer_complaints': 'Customers received fraudulent emails and '
'suspicious communications',
'data_compromised': 'Names, email addresses, phone numbers, '
'country of residency, travel destinations, '
'invoicing and pricing data, policy start/end '
"dates, claim data (driver's licences and "
'related images)',
'downtime': 'Sales of new policies and self-service portal shut '
'down during investigation',
'identity_theft_risk': "High (exposure of PII, driver's licences)",
'operational_impact': 'Disruption to policy sales and customer '
'service operations',
'payment_information_risk': 'Low (credit card details not '
'stored/accessed)',
'systems_affected': "Prosura's internal systems, online "
'self-service portal'},
'initial_access_broker': {'entry_point': 'Unpatched vulnerability (claimed by '
'threat actor)'},
'investigation_status': 'Ongoing',
'motivation': 'Extortion, potential financial gain',
'ransomware': {'data_exfiltration': 'Yes'},
'references': [{'date_accessed': '2025-01-06', 'source': 'ABC News'}],
'regulatory_compliance': {'regulatory_notifications': 'Yes (authorities '
'notified)'},
'response': {'communication_strategy': 'Public statement on website, customer '
'advisories about fraudulent emails',
'containment_measures': 'Shut down sales of new policies and '
'online self-service portal, additional '
'security measures implemented',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes (authorities notified)',
'remediation_measures': 'Urgent system review, vulnerability '
'patching'},
'stakeholder_advisories': 'Customers advised not to respond to suspicious '
'emails/phone calls; authorities notified',
'threat_actor': 'Self-described threat actor (potentially initial access '
'broker)',
'title': 'Prosura Customer Data Breach and Extortion Attempt',
'type': 'Data Breach, Extortion'}