πŸ”’breach.co.nz Β· the NZ & Australia breach register πŸ›‘οΈ A Govern service
Register β€Ί πŸ‡¦πŸ‡Ί AU β€Ί Insurance
Advertising
Your brand, in front of the right people
Run-of-site leaderboard β€” every ad-supported page across the register.
Enquire β†’ breach@govern.co.nz

Prosura

πŸ‡¦πŸ‡Ί Β· Prosura Β· Record AU-2026-0044
β—‹ Reported β€” awaiting official confirmation
Reported β€” awaiting official confirmation. The facts below are drawn from the organisation's own disclosure and credible reporting. Figures are as reported; unknowns are labelled, not estimated by us.
People affected
Not disclosed
Breach date
2026-01
Regulator
none
Trust tier
B Β· Reported

Data exposed

Names, phone numbers, email addresses, country of residence, invoicing and pricing data, travel destinations and policy start/end dates Company-confirmed
Claim data reportedly including driver licences and related images Media-reported

Confidence: Confirmed = regulator/court Β· Company-confirmed = the organisation's own disclosure Β· Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

In January 2026 the rental-car and travel insurer Prosura (which also trades as β€œHiccup”) confirmed a cyber incident after an alleged threat actor began contacting its customers [pro-cyberdaily]. Prosura said the compromised information included names, phone numbers, email addresses, country of residence, invoicing and pricing data, travel destinations and policy start and end dates, and that claim records may also have been affected β€” reporting described driver licences and related images among that claim data [pro-cyberdaily], [pro-cybernews]. Prosura said it had no indication that payment or credit-card information was accessed [pro-cyberdaily].

Timeline

  • 2026-01 β€” Incident discovered in early January; Prosura temporarily disabled self-service functions and engaged external cyber experts [pro-cyberdaily].
  • 2026-01 β€” Prosura publicly confirmed the incident after the alleged attacker contacted victims [pro-cyberdaily].

Current status

Investigating. The person(s) claiming responsibility contacted victims and reportedly offered the data for sale; those are claims made by the alleged attacker and are not asserted here as fact [pro-cybernews]. Prosura has not published a count of people affected, so no figure is asserted.

Why it matters

Travel and rental-car insurance records combine identity and travel-pattern data, and claim files can hold driver-licence images β€” exactly the material used for identity fraud.

GGOVERN Tabletop Exercises Β· Govern house Know your response holds β€” before the claim lands. Book a Discovery Call β†’