In The Event Of
Get started free
P

Prosura Data Breach 2026:
What You Need to Know

Between 300,000 and 500,000 customers of Australian rental-car excess insurance provider Prosura had personal data exposed after an unauthorised actor accessed its internal IT systems. In an unusual escalation, the attacker is emailing customers directly from Prosura's own compromised email infrastructure. Here is what happened, what data was leaked, and steps you can take to protect yourself.

Breach date:1 January 2026
Records affected:300,000 to 500,000
Risk level:High

Your personal risk from this breach

Sign in or create a free account to see your personalised risk score.

View My Risk

What Happened

How the Prosura Breach Unfolded

1 January 2026

Unauthorised actor accessed Prosura's internal IT systems and began exfiltrating customer records.

3 January 2026

Prosura detected the intrusion. The company halted sales of new policies and disabled the online self-service portal while incident response began. The ACSC, OAIC, and NSW Police were notified.

January 2026 onwards

Threat actor began directly emailing individual customers from Prosura's own compromised email systems, including each customer's own data as proof. The attacker claimed Prosura had previously ignored their security disclosures.

This direct outreach from Prosura's own email infrastructure (rather than a spoofed lookalike domain) is a highly unusual escalation. Australian cybersecurity authorities and IDCare have advised affected customers not to engage with these messages or download any attachments.

Sources: Cyber Daily AU, Cybernews

What Was Exposed

Personal Data Leaked in the Breach

The volume of data per customer varies. According to reporting, all affected customers had their name, email, age, and policy details exposed, while a subset also had phone numbers and driver's licence information included. Prosura has been cautious about confirming the exact total; the attacker's own claim of 300,000 to 500,000 records sets the publicly known upper bound.

Data TypeRisk LevelWho Was Affected
Full nameHighAll affected customers
Email addressHighAll affected customers
Phone numberHighSubset of affected customers
AgeMediumAll affected customers
Driver's licence numberHighSubset of affected customers
Insurance policy detailsMediumAll affected customers

Risk levels based on the OAIC: What is personal information? and OAIC Australian Privacy Principles. Identity-linked data (name, phone, address, driver's licence) is rated High because the combination is commonly used to verify identity at banks, telcos, and other insurers, and supports targeted scam approaches especially given the attacker is known to directly contact customers.

✅ Confirmed NOT Exposed

Prosura confirmed that payment information (credit cards, bank account details) was not stored in the affected systems and was not exposed. Active rental car policies on file with insurers, brokers, or rental companies were unaffected.

Company Response

What Prosura Did

“We have temporarily disabled our online services while we investigate this incident. Customers should be vigilant for unusual communications referencing their Prosura policies.”
Prosura, January 2026 statement

Actions Taken by Prosura

  • Detected the unauthorised access on 3 January 2026
  • Halted new policy sales and online self-service to prevent further data access
  • Notified the ACSC, OAIC, and NSW Police
  • Engaged external cyber-forensics specialists
  • Began direct notifications to affected customers
  • Reviewed and hardened internal access controls
ACSCOAIC NDB Scheme

What Now?

Steps You Can Take After the Prosura Breach

Even though no payment information was exposed, the combination of name email phone and driver's licencegives scammers everything needed to impersonate you at banks, telcos, and other insurers. The fact that the attacker is reaching out directly from Prosura's own email systems makes social-engineering attempts especially convincing. Here are general best-practice steps, organised by the types of accounts most commonly affected.

Insurance and Driver's Licence Protection

Driver's licence numbers are reusable identifiers used to verify identity across many services.

Apply for a replacement driver's licence number

~20 min
Where your driver's licence number was included in the exposed data, contacting your state or territory road authority (Service NSW, VicRoads, TMR Queensland, etc.) to apply for a replacement licence with a new number is widely recommended. A new card alone does not change the underlying number; you generally need to request a reissue specifically due to a data breach.

Alert other insurers and brokers you hold policies with

Driver's licence and contact details can be used to attempt unauthorised changes to other policies (car, home, life). Letting your other insurers know you were affected by a breach can prompt them to apply additional verification on inbound requests linked to your account.

Email Security

The attacker is sending email from Prosura's own systems, which makes phishing especially convincing.

Be hyper-vigilant about Prosura-themed email

Treat any message referencing your Prosura policy with extra caution, even if it appears to come from a legitimate Prosura address. Do NOT click links or download attachments from unsolicited Prosura emails. If you need to contact Prosura, do so via their official phone line, not by replying to email.

Strengthen email account security

~5 min
Updating the password and enabling MFA on the email account associated with your Prosura policy is widely recommended. Review email forwarding rules and connected app permissions, as these can be exploited to silently intercept verification messages from other services.

Identity Protection

Name + driver's licence + phone is commonly used in identity verification by financial institutions.

Consider a credit ban

~20 min
With name driver's licence and contact details exposed, the combination could potentially be used in fraudulent credit applications. Placing a free credit ban with Australian credit bureaus prevents new credit from being opened without additional verification.
Equifax AUExperian AU

Set a SIM lock or port-out PIN

~10 min
Where your phone number was part of the exposed data, contacting your mobile carrier to set a port-out PIN is a practical safeguard. SIM-swap fraud can be used to intercept verification codes and bypass MFA on other accounts.

Consult IDCare for tailored guidance

IDCare (1800 595 160) is Australia's national identity and cyber support service and provides free, tailored guidance for people affected by data breaches, including specific advice for driver's licence exposure.
Visit IDCare

Reporting

Australian resources for breach response and identity protection.

Report scam contact to Scamwatch and ACSC

If you receive a scam or extortion email referencing your Prosura policy, report it to Scamwatch and to the ACSC. This contributes to broader awareness and helps authorities track threats linked to this incident.

Not sure which of your accounts are affected?

In The Event Of discovers your accounts automatically and alerts you in real time when new breaches affect your data.

Check My Email Free

Are You Still at Risk?

The Hidden Danger: Compound Breach Exposure

The Prosura breach did not happen in isolation. If your data also appeared in other major Australian breaches, the combination of leaked information can build a more complete identity profile.

How breach data compounds

On its own, the Prosura breach exposed names, contact details, and driver's licence numbers for a subset of customers. But if your email also appeared in the Optus or Latitude breaches, the combined data set may already include passport numbers, Medicare details, and additional identity documents. This kind of compound exposure significantly increases the risk of identity fraud.

  • Optus (2022)9.8M records - identity documents
  • Latitude Financial (2023)14M records - identity documents
  • Qantas (2025)5.7M records - name + DOB + contact
  • Prosura (2026)300K to 500K - driver's licence + contact

If your email appears in two or more of these breaches, your risk level is significantly elevated. In The Event Of can overlay your breach data to show exactly where your exposure compounds, and help you prioritise what to address first.

Were you affected?

Find out in 30 seconds. Free to check.

Check My Email Free

No credit card required.

Frequently Asked Questions

Prosura Breach FAQ

Sources

  1. Cyber Daily AU: "Rental car insurer Prosura confirms cyber incident as alleged threat actor contacts victims"
  2. Cybernews: "Prosura attackers put insurer's customer data up for sale"
  3. SC Media: "Cyberattack disclosed by Australian insurer Prosura"
  4. Insurance Business AU: "Prosura cyber incident triggers shutdown of key online services"
  5. Cyber Express: "Prosura Cyberattack Disrupts Insurance Services In Australia"
  6. OAIC: Notifiable Data Breaches scheme
  7. OAIC: What is personal information? (Privacy Act 1988 categories)
  8. OAIC: Australian Privacy Principles
  9. IDCare

Other Major Australian Data Breaches

Data from multiple breaches can be combined to increase identity fraud risk. Review these guides to understand your full exposure.

NYC Health + Hospitals Data Breach 2026

~1.8M records exposed

Critical

Australian Courts Data Breach 2026

Thousands of files records exposed

Critical

youX Data Breach 2026

~444K records exposed

High

Canvas (Instructure) Data Breach 2026

~275M (claimed) records exposed

Medium

Booking.com Data Breach 2026

Undisclosed records exposed

High

McGraw Hill Data Breach 2026

13.5M records exposed

High

Crunchyroll Data Breach 2026

Undisclosed records exposed

High

Eurail Data Breach 2026

300K+ records exposed

High

Basic-Fit Data Breach 2026

1M records exposed

High

Under Armour Data Breach 2025

72M records exposed

High

Salesforce (ShinyHunters) Data Breach 2025

~1B records exposed

High

Allianz Life Data Breach 2025

2.8M records exposed

High

Workday Data Breach 2025

Undisclosed records exposed

Medium

Western Sydney University Data Breach 2025

10K records exposed

High

Genea Fertility Data Breach 2025

940K records exposed

Critical

DeepSeek Data Breach 2025

1M records exposed

Medium

Tangerine Telecom Data Breach 2024

232K records exposed

High

Australian Clinical Labs Data Breach 2022

223K records exposed

Critical

Qantas Data Breach 2025

5.7M records exposed

High

Optus Data Breach 2022

9.8M records exposed

Critical

Medibank Data Breach 2022

9.7M records exposed

Critical

Latitude Financial Data Breach 2023

14M records exposed

Critical

MyDeal (Woolworths) Data Breach 2022

2.2M records exposed

High
View all breach guides →

Disclaimer: This guide is provided for general informational purposes only and does not constitute legal, financial, or professional advice. The information is based on publicly available sources at the time of writing and may not reflect the most current developments. In The Event Of Pty Ltd (ABN 38 687 352 647) is not affiliated with Prosura or its underwriters. If you believe you have been affected by this data breach, we recommend contacting the relevant authorities and seeking professional guidance specific to your circumstances.