Rental car insurer Prosura confirms cyber incident as alleged threat actor contacts victims

“We are also aware that some customers have received fraudulent emails relating to older, completed policies. These messages may include claims about the incident and may instruct recipients to contact a third-party email address.”

According to the listing, compromised data from the incident could include names, phone numbers, email addresses, residence country, invoicing, pricing data, travel destinations and policy start and end dates.

“Claim data may also have been compromised, including driver’s licences and related images,” Prosura said.

“Importantly, there is no indication that payment information (including credit card details) have been accessed. Prosura does not store credit card details.”

The company is currently investigating and working with third-party cyber security experts.

While the threat actor was not identified by the company, an email sent to victims of the breach on Saturday from someone claiming to have been responsible said the beach occurred on New Year’s Day and that the incident “not only crippled its systems but also leaked all consumer information, including full names, email addresses, phone numbers, invoices, and much more,” as seen by the ABC.

VIEW ALL

“I [the hacker] attempted to reach out to Hiccup to try to patch this issue and possibly claim a bug bounty,” they said.

“What brings me back to this exploit today is the fact that they have completely ignored my message and left the vulnerability open, which is insane.”

The threat actor urged Prosura to reach out and “get this sorted”.

“I’m done playing this game with you. We need to get this resolved, or everything will be leaked and ended here.”