Identity protection firm Aura confirms data breach after employee falls for voice phishing

Aura, a leading provider of intelligent digital safety and identity theft protection, has confirmed a significant security breach that exposed approximately 900,000 records. The company, which markets itself as a shield against the very type of cybercrime it recently fell victim to, attributed the incident to a "targeted phone phishing attack" (vishing) against one of its employees.

The breach, first flagged by the notification service Have I Been Pwned on March 18, 2026, allowed an unauthorized third party to access an employee's account for approximately one hour.

During this window, the attacker exfiltrated a 12GB dataset containing personal information, which has since been leaked online by the notorious hacking group ShinyHunters.

Marketing data exposed

In an official statement, Aura clarified that the vast majority of the 900,000 records originated from a marketing tool used by a company Aura acquired in 2021. While the core databases supporting Aura’s identity theft protection application remained untouched, the leaked marketing files contained:

• Full names and email addresses for the bulk of the records

• Home addresses and phone numbers for roughly 20,000 active and 15,000 former customers

• IP addresses and customer service notes for certain individuals

"While we make every effort to ensure our customers have peace of mind, we recognize that in this case we did not live up to that standard," the company said. Aura emphasized that sensitive data provided for monitoring, such as Social Security Numbers, financial information, and account passwords, was not compromised as it is stored in a highly restricted, encrypted environment.

The "vishing" threat and extortion demands

The group claiming responsibility, ShinyHunters, allegedly attempted to extort Aura before dumping the data on their leak site. The group stated they "failed to reach an agreement" with the firm, leading to the public release of the files.

Security experts warn that even though "crown jewel" data like SSNs remained safe, the specific combination of names, physical addresses, and phone numbers in the leak is highly optimized for follow-up social engineering.

Attackers can use these details to craft extremely convincing "vishing" calls, posing as bank representatives or tech support to gain deeper access to victims' lives.

Aura has activated its incident response plan, engaged external cybersecurity experts, and notified law enforcement. Affected customers will receive personalized notifications, though the company maintains that the incident does not pose an "ongoing risk" to its current services.