Aura Data Breach Affects 900,000 Records
Aura Data Breach Exposes 900,000 Records
A data breach at online safety platform Aura has exposed approximately 900,000 records, the company has disclosed.
Phishing Attack and Compromised Information
The breach occurred when an employee fell victim to a phone phishing attack, granting the attackers temporary access to the employee’s account. Aura reported that the phishing attack lasted for about an hour, during which time the attackers accessed a marketing tool used by a company Aura acquired in 2021.
The compromised information includes names, addresses, and phone numbers of around 20,000 current and 15,000 former customers. However, the company emphasized that no Social Security numbers, passwords, or financial information were compromised, as sensitive customer information is stored encrypted and access to it is highly restricted.
Incident Response and Support
Upon discovering the breach, Aura immediately terminated access to the compromised account and activated its incident response plan. The company also engaged external cybersecurity and legal experts and notified law enforcement.
Aura has begun notifying affected customers and will provide them with necessary support, although the company claims that these individuals are not exposed to significantly elevated risk.
Importance of Employee Education and Awareness
The breach highlights the importance of employee education and awareness in preventing phishing attacks, which can have serious consequences for companies and their customers.
As cyber threats continue to evolve, it is crucial for organizations to prioritize robust security measures and incident response plans to mitigate the impact of potential breaches.