Security Firm Aura Discloses Data Breach Impacting 900,000 Records

Online safety platform Aura has disclosed a data breach resulting from a phone phishing attack targeting one of its employees. The phishing attack, the company says, provided the attackers with access to the employee’s account for approximately an hour. “Upon discovery, Aura immediately terminated access to the account and activated its incident response plan, engaged external cybersecurity and legal experts, and notified law enforcement,” the company said in an incident notice. The attackers, it says, accessed roughly 900,000 records, most of which represent names and email addresses stored in a marketing tool “used by a company Aura acquired in 2021”. The compromised information, the company says, includes the names, email addresses, addresses, and phone numbers of roughly 20,000 current and approximately 15,000 former customers. “No Social Security numbers, passwords, or financial information were compromised,” Aura’s notice reads. Sensitive customer information, the company explains, is stored encrypted, and access to it is highly restricted. “Aura’s systems have been purpose-built to limit the potential exposure of customer information in the event of a breach, including organizational, technical, and physical safeguards that worked as designed in this incident,” the notice reads. Aura has started notifying the impacted customers and will provide them with the necessary support, but claims these individuals are not exposed to “significantly elevated” risk. The company did not say when the attack occurred or who might be responsible for it. SecurityWeek has emailed Aura for additional information on the matter and will update this article if the company responds. Based in Burlington, MA, Aura provides consumer cybersecurity solutions such as identity theft protection, fraud protection, and network and device protection.   Related: Robotic Surgery Giant Intuitive Discloses Cyberattack Related: Security Firm Executive Targeted in Sophisticated Phishing Attack Related: Loblaw Data Breach Impacts Customer Information Related: Starbucks Data Breach Impacts Employees WRITTEN BY Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire ‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors EU Sanctions Chinese, Iranian Firms Supporting Hacking Operations Manifold Raises $8 Million for AI Detection and Response Apple Debuts Background Security Improvements With Fresh WebKit Patches Tech Giants Invest $12.5 Million in Open Source Security Robotic Surgery Giant Intuitive Discloses Cyberattack 174 Vulnerabilities Targeted by RondoDox Botnet Tracebit Raises $20M for Cloud-Native Deception Technology Latest News Iran Readied Cyberattack Capabilities for Response Prior to Epic Fury Marquis Data Breach Affects 672,000 Individuals Hacker Conversations: Ben Harris, From Unintentional Young Hacker to Intentional Adult CEO Russian APT Exploits Zimbra Vulnerability Against Ukraine Raven Emerges From Stealth With $20 Million in Funding CISA Warns of Attacks Exploiting Recent SharePoint Vulnerability Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks The Collapse of Predictive Security in the Age of Machine-Speed Attacks Trending Webinar: Securing Fragile OT In An Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the Move SecurityBridge has promoted Holger Hügel to Chief Technology Officer. Armis has appointed Simon Mouyal as Chief Marketing Officer. Omada has named Jakob H. Kraglund as Chief Executive Officer. More People On The Move Expert Insights The Human IOC: Why Security Professionals Struggle With Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How To 10x Your Vulnerability Management Program In The Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose A Critical Flaw In Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat As Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How To Eliminate The Technical Debt Of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Flipboard Reddit Whatsapp Email