Geekzone: technology news, blogs, forums


kiwiharry

1064 posts

Uber Geek
+1 received by user: 476

ID Verified
Subscriber

#323701 4-Jan-2026 12:15

I received the email below generated by a threat actor who has breached Hiccup / Prosura. I used Prosura 2 years ago to buy a rental vehicle excess insurance policy.

 

Email appears to be one that would be automatically generated after making a modification to the policy, which it appears the threat actor has done by adding his message. The rest of the email included the policy number, my full name, period of insurance, premium charged, date of original transaction and clickable links to "manage policy" and "view invoice". URLs for those links match the URLs in the original transaction email I received at time of taking out the policy.

 

As far as I can tell the breach appears genuine. Unsure if credit card info has been compromised.

 

No communications received from Prosura who are based in Australia.

 

 

from: Prosura <policies@prosura.com>
reply-to: Prosura <help@prosura.com>
to:  

 

date: 3 Jan 2026, 19:07

 

subject: Modification: Rental Vehicle Excess Insurance - Policy VROOM-RVENZ00000

 

mailed-by: awsses-ap-southeast-2.prosura.com

 

signed-by: prosura.com

 

security: Standard encryption (TLS)

 

 

 

Please read this message closely. 

 

On 01/01/2026, Hiccup / Procura was hit by a data breach that not only crippled its systems but also leaked all consumer information, including full names, email addresses, phone numbers, invoices, and much more. I (the threat actor) attempted to reach out to Hiccup to try to patch this issue and possibly claim a bug bounty.

 

What brings me back to this exploit today is the fact that they have completely ignored my message and left the vulnerability open, which is insane. To the Hiccup / Prosura HR team: you must contact xxxxxxxx@proton.me to get this sorted. I'm done playing this game with you. We need to get this resolved, or everything will be leaked and ended here.

 

Now this is a direct message to you, the consumer, regardless of what happens next. Your trust has already been broken - your information was put at risk due to ignored security practices, and the company failed to act even after being warned. I am currently trying to reach an agreement with the Hiccup / Prosura team to resolve this and ensure the data does not leak.





If you can't laugh at yourself then you probably shouldn't laugh at others.


gehenna
8667 posts

Uber Geek
+1 received by user: 3883

Moderator
Trusted
Lifetime subscriber

  #3449588 4-Jan-2026 12:59

it's not necessarily as they state - could be a separate unrelated scrape of emails happened, and you've been targeted for spam with a spoofed address.  Could be what the email says, too, but impossible to tell without the company communicating transparently....or the sender of the email goes public as with MMH.
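
One way to test the spoofed-address possibility raised above is to read the receiving server's Authentication-Results header, which carries the SPF and DKIM verdicts that Gmail summarises as "mailed-by" and "signed-by". This is an added example, not part of the original posts; the Authentication-Results values, `mx.example.net` and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From/Reply-To/Subject mirror the fields quoted in the thread;
# the Authentication-Results values and mx.example.net are invented for this demo.
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.d=prosura.com header.s=selector1;
 spf=pass smtp.mailfrom=bounce@awsses-ap-southeast-2.prosura.com;
 dmarc=pass header.from=prosura.com
From: Prosura <policies@prosura.com>
Reply-To: Prosura <help@prosura.com>
Subject: Modification: Rental Vehicle Excess Insurance - Policy VROOM-RVENZ00000

(body omitted)
"""
# Constructed counter-case: same visible From, but nothing authenticates as that domain.
SPOOFED = (SAMPLE.replace("dkim=pass", "dkim=fail").replace("dmarc=pass", "dmarc=fail")
           .replace("awsses-ap-southeast-2.prosura.com", "mailer.example.org"))

def aligned(domain, from_domain):
    # Simplified relaxed alignment: identical, or a subdomain of the From domain.
    domain, from_domain = domain.lower(), from_domain.lower()
    return domain == from_domain or domain.endswith("." + from_domain)

def check(raw, trusted_authserv="mx.example.net"):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    result = {"from_domain": from_domain, "dkim": False, "spf": False, "dmarc": False}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip() != trusted_authserv:
            continue  # a sender can forge this header; trust only our own receiver's
        for part in rest.split(";"):
            m = re.match(r"\s*(dkim|spf|dmarc)=(\w+)(.*)", part, re.S)
            if not m or m.group(2) != "pass":
                continue
            method, props = m.group(1), m.group(3)
            if method == "dmarc":
                result["dmarc"] = True
                continue
            dom = re.search(r"(?:header\.d|smtp\.mailfrom)=(?:[^@\s;]*@)?([\w.-]+)", props)
            if dom and aligned(dom.group(1), from_domain):
                result[method] = True
    result["authenticated"] = result["dmarc"] or result["dkim"] or result["spf"]
    return result

if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE), ("spoofed", SPOOFED)):
        print(name, check(raw))
```

A pass here shows only that the message left through infrastructure authorised for the From domain; it says nothing about who triggered it or whether its claims are true.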




kiwiharry

1064 posts

Uber Geek
+1 received by user: 476

ID Verified
Subscriber

  #3449601 4-Jan-2026 13:46

gehenna:

 

it's not necessarily as they state - could be a separate unrelated scrape of emails happened, and you've been targeted for spam with a spoofed address.  Could be what the email says, too, but impossible to tell without the company communicating transparently....or the sender of the email goes public as with MMH.

 

Yeah could be. I checked haveibeenpwned and it currently indicates no databases have the affected email address.

 

Will see what happens in coming days





If you can't laugh at yourself then you probably shouldn't laugh at others.


Treotech
2 posts

Wannabe Geek


  #3449609 4-Jan-2026 14:16

I got them as well

 

It looks legit to me, the way the emails are sent as comments on previous policies taken out makes it very hard to spoof. 

 

Very frustrating if it is legit and we haven't been told.

 

 




kiwiharry

1064 posts

Uber Geek
+1 received by user: 476

ID Verified
Subscriber

  #3449852 5-Jan-2026 10:09

Cyber incident has now been confirmed by Prosura.

 

https://prosura.com/incident-jan-2026/





If you can't laugh at yourself then you probably shouldn't laugh at others.


boosacnoodle
1280 posts

Uber Geek
+1 received by user: 862


  #3449869 5-Jan-2026 10:58

How did you purchase these policies? Did it happen in NZ?


kiwiharry

1064 posts

Uber Geek
+1 received by user: 476

ID Verified
Subscriber

  #3449882 5-Jan-2026 11:32

boosacnoodle:

 

How did you purchase these policies? Did it happen in NZ?

 

Purchased this policy online. Was an option provided when I booked a rental vehicle for use here in NZ via booking website called vroomvroomvroom, who I've used occasionally for personal hires over the past 10+ years. 





If you can't laugh at yourself then you probably shouldn't laugh at others.


 
 
 

Treotech
2 posts

Wannabe Geek


  #3449995 5-Jan-2026 15:10

Thanks for the update

I purchased mine online as well back in 2023/2024, I am based in Australia

