aura.com data breach

aura.com

What Happened

In March 2026, identity protection company Aura disclosed a data breach exposing approximately 900,000 records after an employee fell victim to a voice phishing attack that granted an unauthorized third party access to their account for roughly one hour. The exposed data primarily consisted of names and email addresses from a legacy marketing database acquired by Aura in 2021, though contact information including home addresses and phone numbers was also compromised for fewer than 35,000 current and former customers. The cybercriminal group ShinyHunters claimed responsibility for the breach, alleging they stole 12GB of files containing personally identifiable information and corporate data, and subsequently leaked the information after failing to extort a ransom from the company. Aura emphasized that no sensitive data such as Social Security numbers, financial information, passwords, or credit records were compromised, and the company engaged external cybersecurity experts and notified law enforcement while beginning to contact affected individuals.

Compromised Assets

  • email
  • password
  • full name
  • phone
  • ip

Check your company's
exposed credentials

Enter your work email to instantly access a free account
and see your company’s exposed credentials.

Related Breaches