Brought to you by:

Hollard acts on customer data concerns after cyber breach

A cyber incident at Hollard has affected some of the insurer’s customers, whose personal information may have been compromised.

The breach earlier this year involved “limited” systems used to support some of Hollard’s agency and broker partners, a spokesperson told insuranceNEWS.com.au.

“The systems were located in a third-party data centre isolated from the rest of the Hollard network,” the spokesperson said. “Once we became aware of the incident, immediate action was taken, activating our incident response plan and investigations with cybersecurity experts. The incident was quickly contained.

“We have continued to work with partners to ensure impacted individuals are fully supported.”

The spokesperson says the incident affected “a small proportion of Hollard-underwritten policies” and was “confined to a limited number” of agency partners and brokers.

“The relevant industry and cybersecurity regulators were notified,” the spokesperson said. “The security of our customers’ personal information is our utmost priority. We acknowledge the concern that incidents like this can cause and we are committed to continuing to support impacted parties.”

Hollard last provided an update on the data breach in May.

“Based on the findings of our investigation and a detailed data review, Hollard is directly notifying individuals where sensitive personal information may have been accessed,” the May update said.

“At this time, we are not aware of any unauthorised publication of information as a result of this incident and have monitoring measures in place to help detect any unusual activity.”

The data breach involved personal information associated with some insurance claims and policies, according to the May update.

Hollard policies distributed by partner agencies listed here may be affected.

The incident comes as regulators step up warnings over cyber threats facing financial services providers.

Statistics released on Monday show the number of breach notifications to the Office of the Australian Information Commissioner was a record 1205 last year, up 8% on 2024. Mandatory reporting began in 2018.

Hacking remains the primary cause of data breaches reported, and financial services entities made the most notifications by sector (157), followed by the Australian government (118).