Prosura attackers put insurer's customer data up for sale


Prosura attackers claim to have obtained nearly 100 million lines of data from the VroomVroomVroom partner earlier this month. The Cybernews research team believes that the data posted by attackers could be legitimate.

Prosura, which sells car rental insurance in partnership with VroomVroomVroom, is grappling with a major cyber incident. The company noted a data breach last week after a third party ravaged Prosura’s internal IT systems.

The extent of the attack reached a point where the company’s clients were contacted by hackers with details about their insurance policies and personal data. Now, however, the attackers appear to be attempting to sell the data.


Information, likely stolen from Prosura’s systems, was posted on a popular data leak forum used by gangs to exchange often stolen information. According to the post’s author, the dataset includes a whopping 98 million lines of records.

The Cybernews research team has investigated the data sample attached to the post, noting that the attackers’ claims appear to be legitimate. The sample includes photocopies of driver's licenses and full insurance policies, which are stuffed with personally identifiable information (PII).

Attackers' post on the data leak forum. Image by Cybernews.

However, the team assessed that the attackers meant 98 million lines of records in a literal sense, and the number of exposed individuals is far smaller. Researchers estimate that the Prosura data breach may have exposed around 300,000 people in total.

Prosura appears to be aware of the attackers’ claims, as the company’s incident response page has been updated with a message stating that the company has noticed “some online activity relating to this incident” and is working to verify the claims. The message was posted two days after the attackers posted the data online.

The insurer's earlier messaging revealed that the company thinks attackers may have accessed insurance policies as well as:

  • Travel information
  • Travel destinations
  • Pricing data
  • Policy start and end dates
  • Drivers’ licences
  • Related images

“We are also working with experts from across the cybersecurity industry to assist with our response to the incident and have sophisticated monitoring in place to detect any further developments,” the company explained via the incident response page.


The data breach will undoubtedly have a financial impact on Prosura as the company reportedly had to halt sales of new policies and its online self-service to mitigate the attack. Prosura, which also trades as Hiccup, operates mainly in Australia and New Zealand.

So far, it appears that only customer personal details and insurance policies have been accessed, and no payment information was exposed. According to the company, it does not store credit card details on its systems.


However, some of the company’s customers were likely spooked by the attackers who attempted to contact them. According to screenshots shared with ABC, the attackers sent emails to Prosura customers complaining that the company ignored their demands.

“What brings me back to this exploit today is the fact that they completely ignored my message and left the vulnerability open, which is insane,” the attackers’ message said.

Meanwhile, the company is aware that the attackers may have reached out to some of its clients and urged customers not to engage with them.

“Please do not respond to these messages and do not contact any email address mentioned in them,” the company said.

Australia has suffered several major data breaches in recent times. In 2025, the Scattered Lapsus$ Hunters hacker collective breached Australia's Qantas Airways, leaking the personal details of six million of its customers.

Meanwhile, in 2022, the Singapore Telecommunications-owned carrier Optus suffered a data breach, which exposed the personal information of over 9 million Australians, a third of the country’s population.

