Hollard

Contained cyber incident

Updated 10/04/2026

An important update regarding some broker and agency insurance policies underwritten by Hollard. 

Hollard is investigating a cyber incident relating to isolated systems used by Hollard to support some of our broker and agency partners. We are aware the incident involves personal information associated with some insurance claims and policies. The systems are located in a third-party data centre isolated from the rest of the Hollard network, and we are working closely with cyber security experts to identify impacts. 

This does not impact all Hollard underwritten policies. At this stage, this incident is confined to some policies purchased through our agency and broker partners. 

A list of agency partners who may be impacted can be found here.   

We are working to investigate the incident, understand what has occurred and the extent of the impact. 

Hollard underwrites a range of insurance products across motor, home, bicycle, pet and business insurance. We are providing this update as part of our efforts to keep potentially impacted customers informed while our investigation continues. 

Whilst our investigation is still determining the full extent of the impact through a detailed investigative process, we are working with partners to direct individual customers to this page to ensure they are aware they may have been impacted. 

We understand this information may be concerning and want to assure you that we are treating this matter with the utmost seriousness. 

What happened? 

On 23 March, we identified an incident involving isolated systems used by Hollard to support some of our broker and agency partners. Upon discovering the incident, we mobilised our incident response team.  

This incident has not affected other parts of Hollard’s IT environment, emails, or claims handling. 

What information may be involved? 

Based on our initial findings, we’re aware that personal information relating to policies and claims stored in the affected systems may have been impacted.  

The types of information that may have been stored in the impacted systems include details typically provided by customers, such as contact information, policy details, and claim-related details. Not all individuals will have had the same information held, and the specific information involved may vary. 

The scope of impacted information remains under review, and we are working as a priority to determine which individuals have been impacted and what information was involved in each record. 

What action have we taken? 

Protecting customer information is a priority for Hollard. In response to this incident, the following steps have been taken: 

  • We are working with cyber security and incident response experts to assist with the investigation and remediation.
  • We have notified the Australian Prudential Regulation Authority (APRA), the Australian Cyber Security Centre (ACSC), the National Office of Cyber Security (NOCS), and the Office of the Australian Information Commissioner (OAIC). 

What happens next? 

Our investigation and data review are ongoing. Once these processes are complete, we will notify individuals where sensitive personal information is confirmed to have been impacted and will support them through this process.  

This webpage will be regularly updated as more information becomes available.  

If you have specific questions or concerns in the meantime, please don't hesitate to get in touch with our dedicated support team on 1800 316 446

Thank you for your patience and understanding.

Regards, 

 

The Hollard Team  

What steps can I take to protect my information?

We have outlined some general cyber safety guidance below. These steps are important whenever contact information may have been impacted. 

We recommend you remain vigilant against the risk of phishing emails and scams. 

Scam calls and phishing emails are becoming increasingly sophisticated and can appear to come from legitimate email addresses or phone numbers with local area codes. They will often claim to be contacting you from a reputable organisation, such as a government entity, bank, or telecommunications agency. They will also create a sense of urgency to try to get you to disclose sensitive information or to elicit funds from you. 

It is important to:  

  • be aware of email, telephone and text-based scams. Do not share your personal information with anyone unless you are confident about who you are sharing it with;
  • when on a webpage asking for your login credentials, take note of the web address or URL ('Uniform Resource Locator'). The URL is located in the address bar of your web browser and typically starts with https://;
  • if you are suspicious of the URL, do not provide your login details. Contact the entity through the usual channels to ensure you are logging into the correct web page. Please note that we will never contact you to ask for your username or password;
  • enable multi-factor authentication for your online accounts where possible, including your email, banking, and social media accounts;
  • ensure you have up-to-date anti-virus software installed on any device you use to access your online accounts; 
  • check the strength of your passwords and whether they have been involved in any data breaches on the NSW Government password checker website (this tool can be used by all Australians and is not restricted to those living in New South Wales): https://www.nsw.gov.au/id-support-nsw/passwords;
  • refer to the Have I been Pwned website to check if your email or phone has been caught in a data breach: https://haveibeenpwned.com/; and
  • follow the Australian Competition and Consumer Commission's Scamwatch guidance for protecting yourself from scams here: https://www.scamwatch.gov.au/get-help/protect-yourself-from-scams/

For more information, you can visit the OAIC’s tips for further guidance about protecting your identity: https://www.oaic.gov.au/privacy/your-privacy-rights/tips-to-protect-your-privacy/