900,000 contact records exposed in Aura data breach

Aura, the online safety service, confirmed that an unauthorized party accessed about 900,000 records, mostly names and email addresses from a marketing tool linked to a company it acquired in 2021. The incident occurred as a result of a targeted phone phishing attack that tricked one of the employees.

Aura believes that contact information related to less than 20,000 active customers and less than 15,000 former customers was accessed.

According to Have I Been Pwned, the exposed data also includes IP addresses, phone numbers, home addresses and customer service comments. The company said there is no indication that Social Security numbers, passwords or financial information were compromised.

“Upon discovery, Aura immediately terminated access to the account, activated its incident response plan, engaged external cybersecurity and legal experts, and notified law enforcement,” the company said in its announcement.

The notorious hacking group ShinyHunters is believed to be behind the breach after claiming responsibility last week.

The company is in the process of notifying affected customers and will provide support where appropriate, noting that it does not expect the incident to significantly increase their risk. However, it acknowledged that it fell short of its standards and reaffirmed its commitment to earning customers’ continued trust.