Security Incident Affecting Prosura Services
Security Incident Update
We have become aware of some online activity relating to this incident and are working to verify these claims as a priority.
We will contact any impacted parties as required to provide support and guidance.
What happened
On 3 January we identified unauthorised access to a portion of our internal IT systems by an unknown third party.
As a precaution, we have temporarily taken some website functions offline as a precautionary measure. This includes the ability to purchase a policy, submit or manage a claim, or administer an existing policy via our self-service portal.
While these services are offline, we are conducting an urgent review of our systems and put additional security measures in place to prevent reoccurrence.
We are aware that some customers have received fraudulent emails relating to their policies and may include claims about the incident as well as instructions to contact a third-party email address.
Information that may have been accessed
Based on our investigation to date we believe that some information related to customer policies and claims may have been impacted.
This data may include contact information, travel destinations, invoicing and pricing data as well as policy start and end dates. For some customers that have made a claim, additional information may also have been impacted including drivers’ licences and related images – please consider whether you have previously made a claim and any supporting materials you may have provided.
What we're doing for you
We’re taking this incident extremely seriously and are working to ensure that all appropriate action is taken in response to this incident.
We have notified the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC) and will notify any regulatory bodies in accordance with our obligations.
We are also working with experts from across the cyber security industry to assist with our response to the incident and have sophisticated monitoring in place to detect any further developments.
Active Policies
If you have upcoming travel, you can proceed with your travel as planned. Your policy validity is not affected by the incident. If you need support for a claim, please contact us at help@prosura.com with ‘Claim’ in the headline and we will assist you further with the process.
Our Commitment
We know this is concerning and we are sorry this has happened. Our focus is on protecting our customers, supporting those affected, and restoring services safely.
Once we have confirmed what information was involved in this incident, we will contact impacted parties as required to provide support and guidance.
We will provide a further update as soon as we can confirm additional facts as they arise.
Sincerely,
Mike Boyd
Managing Director, Prosura
Support: help@prosura.com
Frequently Asked Questions (FAQ’s)
When did this happen?
We first identified the incident in late 3 January 2026 and have been working as a priority to determine what happened and what information may have been impacted.
What has been done in response to this incident?
As soon as Prosura became aware of this incident, we quickly enacted our incident response plan and began working to ensure the security of our systems, with support from external experts.
We have notified the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC) and will notify any regulatory bodies in accordance with our obligations.
We are also working with experts from across the cyber security industry to assist with our response to the incident and have sophisticated monitoring in place to detect any further developments.
How did this happen? / How did the unauthorised third-party gain access?
We had robust cybersecurity measures in place prior to the incident. However, no ICT environment is impenetrable.
We’re taking this incident extremely seriously and are working to ensure that all appropriate action is taken in response to this incident. However, due to cyber security considerations, we cannot share further details.
We are also working with experts from across the cyber security industry to assist with our response to the incident and have sophisticated monitoring in place to detect any further developments.
When will you provide more information?
Investigating a cyber incident involves a thorough and meticulous process to ensure all aspects of the incident are understood and addressed.
We have aimed to provide accurate and comprehensive information to our customers and staff as soon as possible and will provide further detail as new information comes to light.
We are conscious that premature updates could lead to misinformation or confusion. As such, we want to ensure that we have all the necessary details before communicating with our staff and customers about the impacted data.
Are the recent spam/phishing emails I have received linked to this incident?
We have not received any reports of spam or phishing emails related to this incident. However, we recommend that you stay vigilant by reporting suspicious emails and avoiding clicking on any unknown or suspicious links or attachments.
Security Incident Affecting Prosura Services
Current status
Prosura is responding to a cyber incident.
What happened
On Saturday we identified unauthorised access to parts of our systems. As a precaution, we have temporarily disabled the ability to purchase a policy, submit or manage a claim, or administer an existing policy via our self-service portal while we investigate and secure our environment.
We are also aware that some customers have received fraudulent emails relating to older, completed policies. These messages may include claims about the incident and may instruct recipients to contact a third-party email address.
Information that may have been accessed
Our initial investigations show the compromised data may include names, email addresses, phone numbers, country of residency, travel destinations, invoicing and pricing data as well as policy start and end dates. Claim data may also have been compromised including drivers licences and related images.
Importantly, there is no indication that payment information (including credit card details) have been accessed. Prosura does not store credit card details.
What we're doing for you
We’re taking this incident extremely seriously. We will work with specialist cyber security experts to investigate what happened, secure our systems, and restore services safely.
We will publish updates, FAQs and relevant information on this Incident page on the Prosura.com website.
What you should do
- Do not reply to suspicious emails and do not contact any third-party email address mentioned in them.
- Do not click links or open attachments in unexpected messages.
- Be vigilant against phishing attempts (emails, calls or texts) that use your personal details to appear legitimate.
- Monitor latest updates, FAQs and relevant information published on the Incident Page on the Prosura.com website. Please review these updates for timely information.
Active Policies
If you have upcoming travel, you can proceed with your travel as planned. Your policy validity is not affected by the incident. If you need support for a claim, please contact us at help@prosura.com with ‘Claim’ in the headline and we will assist you further with the process.
Our Commitment
We know this is concerning and we are sorry this has happened. Our focus is on protecting our customers, supporting those affected, and restoring services safely. If we confirm new important information as our investigation continues, we will share it with customers via this Incident page.
We will provide a further update as soon as we can confirm additional facts and the full scope of impacted data.
Sincerely,
Mike Boyd
Managing Director, Prosura
Support: help@prosura.com
