Australian insurance provider Prosura is investigating a cyber incident after detecting unauthorized access to parts of its internal systems, which has resulted in fraudulent emails being sent to some customers. The Prosura cyberattack, identified in early January, led the insurer to temporarily shut down key online services while it works to secure its systems and determine the full extent of the breach.
Prosura confirmed that it first identified the cyberattack on Prosura on January 3, 2026. In a media statement, the company said it discovered “unauthorized access to parts of our systems” and acted immediately to limit further risk.
“As a precaution, we have temporarily disabled the ability to purchase a policy, submit or manage a claim, or administer an existing policy via our self-service portal while we investigate and secure our environment,” Prosura said.
A subsequent Security Incident Update issued on Thursday, 8 January, provided additional clarity. According to the insurance provider, an unknown third party gained unauthorized access to a portion of its internal IT systems. Prosura also acknowledged that it was aware of online activity related to the incident and was prioritizing efforts to verify those claims.
While services remain offline, Prosura said it is conducting an urgent review of its systems and deploying additional security measures to prevent a recurrence of the Prosura cyberattack.
Fraudulent Emails Linked to the Prosura Cyberattack
Alongside the system intrusion, Prosura reported that some customers received fraudulent emails connected to their existing or completed policies. These messages may reference the cyberattack on Prosura and instruct recipients to contact a third-party email address.
The insurer urged customers not to respond to these emails, not to contact any external addresses mentioned, and to avoid clicking on links or opening attachments in unexpected messages. Customers were also advised to remain alert to phishing attempts via email, phone calls, or text messages that may use personal information to appear legitimate.
Customer Information Potentially Impacted
Based on its investigation so far, Prosura believes some customer data may have been accessed during the cyberattack. The information potentially affected includes names, email addresses, phone numbers, country of residence, travel destinations, invoicing and pricing details, as well as policy start and end dates.
For customers who have previously made claims, the breach may also have exposed additional claim-related information. This could include driver’s licenses and associated images that were submitted as part of supporting documentation.
Prosura noted that there is no evidence that payment data was compromised. “Importantly, there is no indication that payment information (including credit card details) have been accessed,” the company stated, adding that it does not store credit card details within its systems.
Regulatory Notifications and Ongoing Response
The insurance provider confirmed it has notified both the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, and will alert other regulatory bodies as required. Prosura is also working with external cybersecurity specialists to investigate what happened, strengthen system security, and monitor for further developments.
“We are taking this incident extremely seriously. We will work with specialist cybersecurity experts to investigate what happened, secure our systems, and restore services safely,” the company said.
Despite the disruption, Prosura reassured customers that active policies remain valid. Policyholders with upcoming travel plans were advised that they can proceed as planned, as policy validity has not been affected by the incident. Customers needing claim support were instructed to contact Prosura directly via its official support email with “Claim” included in the subject line.
Company Apology and Next Steps
In a statement signed by Managing Director Mike Boyd, Prosura acknowledged the concern caused by the incident. “We know this is concerning, and we are sorry this has happened,” Boyd said. “Our focus is on protecting our customers, supporting those affected, and restoring services safely.”
Prosura said it will contact impacted parties directly once it confirms what information was involved and will provide further guidance and support as required. The company added that it will continue to issue updates as new facts emerge, noting that premature disclosures could lead to misinformation.
As the Prosura cyberattack investigation continues, the insurer has reiterated its advice for customers to stay vigilant, avoid suspicious communications, and rely only on official updates published through Prosura’s website and direct customer communications.
