Aura has confirmed that an unauthorized person accessed customer data after an employee was targeted in a voice phishing attack.
The company said the breach exposed information tied to about 20,000 current customers and 15,000 former customers. Aura also clarified that the much larger dataset of nearly 900,000 records reported elsewhere was not made up of Aura user accounts. According to the company, those records came from a marketing list, which included contact information for some current and former Aura customers. Aura said its user accounts were not accessed.
Aura explained that the exposed data came from a marketing tool used by a company it acquired in 2021. Because of that, much of the information was inherited from older systems rather than collected directly from current Aura operations.
Aura is known for offering digital safety services such as identity theft protection, fraud monitoring, credit monitoring, and online security tools designed to help people stay safe from scams and phishing.
The cybercrime group ShinyHunters has claimed responsibility for the attack. The group said it stole 12GB of files containing customer personal information as well as internal corporate data. It later leaked the files online, claiming Aura did not agree to its demands.
According to Aura, the exposed information includes full names, email addresses, home addresses, and phone numbers. The company said Social Security numbers, passwords, and financial details were not affected.
Have I Been Pwned has also reviewed the leaked data and added it to its database. The service said customer service comments and IP addresses were included as well. It also noted that around 90 percent of the exposed email addresses had already appeared in previous data breaches.
There was some confusion over the number of people affected. Have I Been Pwned reported just over 901,000 accounts, while Aura said its own customer count was much lower. The difference appears to come from older records stored in the inherited marketing database. Aura said only about 35,000 of the records were tied to current or former Aura customers.
The company has not provided further comment on claims made by ShinyHunters, including allegations about an Okta single sign-on compromise.
Aura said it is now carrying out a detailed internal investigation with the help of outside cybersecurity experts. It has also notified law enforcement and plans to send personalized alerts to everyone affected.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Update: Aura says the reported 900,000 records were from a marketing list, not Aura user accounts. The company says only about 35,000 records were tied to current or former customers, and user accounts were not accessed.
