Aura Confirms Data Breach Affecting Nearly 900,000 Customers Following Vishing Attack
Identity protection firm Aura has disclosed a data breach exposing nearly 900,000 customer records, including names, email addresses, home addresses, and phone numbers. The incident stemmed from a voice phishing (vishing) attack targeting an employee, which compromised data from 20,000 current and 15,000 former customers.
The breach originated from a marketing tool used by a company acquired by Aura in 2021, which contained limited customer information. While Aura confirmed that Social Security Numbers (SSNs), passwords, and financial data were not accessed, the Have I Been Pwned (HIBP) service found that 90% of the exposed email addresses had already been compromised in prior breaches.
The ShinyHunters threat group claimed responsibility for the attack, alleging they stole 12GB of files containing personally identifiable information (PII) and corporate data. The group leaked the data after claiming Aura failed to negotiate with them. Aura has not commented on ShinyHunters’ assertions or reports of an Okta SSO compromise.
Aura is conducting an internal investigation with external cybersecurity experts and has notified law enforcement. Affected individuals will receive personalized notifications in the coming days. The company clarified that while 901,000 accounts were exposed, only 35,000 belonged to Aura customers, with the rest tied to the acquired firm’s legacy database.
Vendrive cybersecurity rating report: https://www.rankiteo.com/company/useaura
"id": "USE1773879944",
"linkid": "useaura",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '35,000 (Aura customers) + '
'866,000 (legacy database)',
'industry': 'Cybersecurity/Identity Protection',
'name': 'Aura',
'type': 'Identity Protection Firm'}],
'attack_vector': 'Vishing (Voice Phishing)',
'customer_advisories': 'Personalized notifications to be sent to affected '
'individuals',
'data_breach': {'data_exfiltration': '12GB of files (alleged by ShinyHunters)',
'number_of_records_exposed': '901,000',
'personally_identifiable_information': 'Names, email '
'addresses, home '
'addresses, phone '
'numbers',
'sensitivity_of_data': 'Moderate (No SSNs, passwords, or '
'financial data)',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII)'},
'description': 'Identity protection firm Aura disclosed a data breach '
'exposing nearly 900,000 customer records, including names, '
'email addresses, home addresses, and phone numbers. The '
'breach originated from a voice phishing (vishing) attack '
'targeting an employee, compromising data from 20,000 current '
'and 15,000 former customers. The ShinyHunters threat group '
'claimed responsibility, alleging they stole 12GB of files '
'containing PII and corporate data after Aura failed to '
'negotiate with them.',
'impact': {'data_compromised': 'Names, email addresses, home addresses, phone '
'numbers',
'identity_theft_risk': 'High',
'payment_information_risk': 'None',
'systems_affected': 'Marketing tool (legacy system from acquired '
'company)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Alleged by ShinyHunters',
'entry_point': 'Vishing attack on employee'},
'investigation_status': 'Ongoing (Internal investigation with external '
'experts)',
'motivation': 'Extortion/Negotiation Failure',
'ransomware': {'data_exfiltration': 'Alleged (12GB of files)'},
'references': [{'source': 'Have I Been Pwned (HIBP)'}],
'response': {'communication_strategy': 'Personalized notifications to '
'affected individuals',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes',
'third_party_assistance': 'External cybersecurity experts'},
'threat_actor': 'ShinyHunters',
'title': 'Aura Data Breach Affecting Nearly 900,000 Customers Following '
'Vishing Attack',
'type': 'Data Breach'}