Insurer Prosura has confirmed a significant cyber incident involving unauthorized access to its systems and the compromise of customer personal data. The breach has prompted the company to disable its online self-service portal and halt all new policy sales while an investigation into the scope of the exposure remains ongoing.
Prosura, a car excess insurer that also operates under the brand name Hiccup, is currently investigating a security breach after an unauthorized party gained access to its internal systems. The company specializes in providing insurance for rental car accidents across Australia and New Zealand. While the full scale of the incident has not yet been disclosed, the insurer has taken the immediate step of suspending its digital operations and new business transactions to contain the situation.
The breach came to light after customers reported receiving direct communications from an individual claiming to be a threat actor. This individual asserted that they had obtained sensitive personal information and issued a public ultimatum, threatening to release the data unless a deal is reached with the company. This direct contact has caused significant distress among policyholders who are now concerned about the long-term security of their private information and the potential for identity theft.
Customers impacted by the event are often linked to the car rental comparison platform VroomVroomVroom. Both Prosura and the comparison site share the same ownership, and the insurance products are frequently sold as add-ons during the vehicle booking process. Because of this integration, the breach has raised questions about the security of data sharing between the related entities and the extent to which rental customers were vulnerable.
In response to the threat, Prosura has prioritized its forensic investigation but has stayed relatively silent on the specific number of individuals affected. The shutdown of the self-service portal means that existing customers currently have limited access to their account details or policy management tools. This lack of transparency regarding the volume of stolen records has added to the frustration of those waiting to hear if their specific details were included in the haul.
The situation remains fluid as the company works with security experts to determine how the threat actor bypassed their defenses. For now, the primary focus for the insurer is negotiating the technical recovery of its systems and addressing the demands made by the unauthorized party. Customers are being advised to remain vigilant for any suspicious activity while the company continues its efforts to secure the environment.
Source: Insurer Prosura Hit By Cyber Data Breach As Customers Contacted By Threat Actor