Australian car rental insurer Prosura has suffered a major data breach, exposing the personal and policy information of an estimated 300,000 customers. Attackers are now selling the stolen data identity data on a public forum after the company reportedly failed to meet their demands.
Spangle AI, a startup founded by former Amazon and Bolt executives, has raised $15 million in a Series A round to build an agentic infrastructure for ecommerce. The platform connects AI-driven product discovery with real-time conversion.
Instagram is denying a system breach after data from 17.5 million accounts was leaked online and users were hit with a wave of password reset emails. Meta says it fixed a bug causing the email spam, but the leaked data, though likely old, still poses a significant phishing risk to users.
Australian car rental insurer Prosura has suffered a major data breach, exposing the personal and policy information of an estimated 300,000 customers. Attackers are now selling the stolen data identity data on a public forum after the company reportedly failed to meet their demands.
Cyber News Centre's cyber update for 14th January 2026: Prosura Pty Ltd has confirmed a significant data breach after an unauthorised third party compromised its internal IT systems, with sensitive customer data now being actively sold by the attackers.
Prosura is an Australian financial services company that provides rental vehicle excess insurance, operating in Australia and New Zealand. Trading also as Hiccup, the company partners with the car rental comparison website VroomVroomVroom and its products are issued by Pacific International Insurance.
Update: Australian car rental insurer Prosura confirmed it detected unauthorised access to its systems on January 3rd, 2026. The attackers exfiltrated a significant volume of customer data and subsequently contacted customers directly with fraudulent emails. Following the initial breach, the threat actors have now posted the stolen data for sale on a well-known data leak forum, claiming to possess 98 million lines of records. Security researchers estimate this corresponds to the personal information of around 300,000 individuals.
The compromised data includes names, contact details, policy information, travel destinations, and, for customers who have filed claims, driver's licenses and related images. Prosura has stated that it does not store credit card details and that payment information was not accessed.
The company has taken its policy purchase and claims management portals offline, notified the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC), and is working with external cybersecurity experts to manage the incident. Active policies remain valid, but the operational shutdown and public data leak represent a major security failure for the insurer and its partners.
Why it Matters: The Prosura breach is another significant blow to the security of Australian consumer data, following major incidents at Optus and Qantas. The direct contact by attackers with customers and the subsequent public sale of sensitive data, including identity documents, create a substantial risk of widespread identity theft, sophisticated phishing campaigns, and financial fraud for the 300,000 affected individuals.
This incident underscores the persistent vulnerability of supply chains, as Prosura is a key partner for VroomVroomVroom, and highlights the severe reputational and operational damage inflicted by such attacks, forcing a complete shutdown of key customer-facing systems.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Instagram is denying a system breach after data from 17.5 million accounts was leaked online and users were hit with a wave of password reset emails. Meta says it fixed a bug causing the email spam, but the leaked data, though likely old, still poses a significant phishing risk to users.
A sophisticated Chinese-speaking threat actor has been caught exploiting a trio of VMware ESXi zero-day vulnerabilities, allowing them to escape virtual machines and gain full control of the underlying hypervisor.
Gulshan Management Services, a Texas-based operator of ~150 gas stations, has disclosed a major data breach affecting over 377,000 individuals. The breach, resulting from a phishing attack that led to a ransomware infection, exposed highly sensitive personal and financial information.
A critical zero-day attack is actively targeting WatchGuard Firebox firewalls, exposing thousands of organisations worldwide. Australian cyber authorities have issued an urgent alert, warning the flaw enables remote takeover of network devices, with more than 115,000 systems still exposed online.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
