Home / Technology / Identity Firm Aura Suffers Data Breach, 900,000 Records Exposed
Identity Firm Aura Suffers Data Breach, 900,000 Records Exposed
19 Mar
Summary
- A hacker stole 900,000 records, primarily names and emails from marketing lists.
- An employee fell victim to a phone phishing attack, granting access for one hour.
- Less than 20,000 active customer records containing contact info were accessed.
US-based identity protection provider Aura has disclosed a significant data breach affecting approximately 900,000 records. The incident, which was flagged by Have I Been Pwned, was attributed to a successful phone phishing attack on an Aura employee. This allowed an unauthorized third party access to an employee's account for about an hour.
During that hour, the attacker accessed marketing lists, including names and email addresses from a tool acquired by Aura in 2021. The company stated that contact information for fewer than 20,000 active and 15,000 former customers was accessed, emphasizing that sensitive data like Social Security numbers, passwords, or financial details remained secure. The compromised information has reportedly been leaked online by the hacking group ShinyHunters.
Aura is currently notifying affected individuals and has stated its internal systems are built to limit exposure. The company expressed commitment to regaining customer trust following the incident.
