What happened
In January 2026 the rental-car and travel insurer Prosura (which also trades as βHiccupβ) confirmed a cyber incident after an alleged threat actor began contacting its customers [pro-cyberdaily]. Prosura said the compromised information included names, phone numbers, email addresses, country of residence, invoicing and pricing data, travel destinations and policy start and end dates, and that claim records may also have been affected β reporting described driver licences and related images among that claim data [pro-cyberdaily], [pro-cybernews]. Prosura said it had no indication that payment or credit-card information was accessed [pro-cyberdaily].
Timeline
- 2026-01 β Incident discovered in early January; Prosura temporarily disabled self-service functions and engaged external cyber experts [pro-cyberdaily].
- 2026-01 β Prosura publicly confirmed the incident after the alleged attacker contacted victims [pro-cyberdaily].
Current status
Investigating. The person(s) claiming responsibility contacted victims and reportedly offered the data for sale; those are claims made by the alleged attacker and are not asserted here as fact [pro-cybernews]. Prosura has not published a count of people affected, so no figure is asserted.
Why it matters
Travel and rental-car insurance records combine identity and travel-pattern data, and claim files can hold driver-licence images β exactly the material used for identity fraud.