"Upon discovery, Aura immediately terminated access to the account and activated its incident response plan, engaged external cybersecurity and legal experts, and notified law enforcement. The attackers accessed roughly 900,000 records, most of which represent names and email addresses stored in a marketing tool used by a company Aura acquired in 2021."
"The compromised information includes the names, email addresses, addresses, and phone numbers of roughly 20,000 current and approximately 15,000 former customers. No Social Security numbers, passwords, or financial information were compromised. Sensitive customer information is stored encrypted, and access to it is highly restricted."
"Aura's systems have been purpose-built to limit the potential exposure of customer information in the event of a breach, including organizational, technical, and physical safeguards that worked as designed in this incident. Aura has started notifying the impacted customers and will provide them with the necessary support."
Online safety platform Aura disclosed a data breach resulting from a phishing attack targeting an employee's account. The attackers gained access for approximately one hour before Aura discovered and terminated the unauthorized access. The breach exposed roughly 900,000 records, primarily from a marketing tool used by a company Aura acquired in 2021. Approximately 20,000 current and 15,000 former customers had their names, email addresses, physical addresses, and phone numbers compromised. No Social Security numbers, passwords, or financial information were exposed. Aura implemented security safeguards that limited exposure, including encryption and restricted access controls. The company activated its incident response plan, engaged external cybersecurity experts, and notified law enforcement. Affected customers are being notified and offered support, though Aura states they face no significantly elevated risk.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]