AURA has disclosed a data breach caused by a targeted phone phishing attack against one of its employees. According to Aura, the phishing gave attackers access to the employee’s account for approximately an hour, after which access was terminated and its incident response plan activated. The attackers accessed roughly 900,000 records, the majority of which were names and email addresses stored in a marketing tool that Aura had acquired in 2021.
The compromised information includes the names, email addresses, addresses, and phone numbers of around 20,000 current customers and about 15,000 former customers, while no Social Security numbers, passwords, or financial information were compromised. Aura states that sensitive customer information is stored encrypted and access is highly restricted, and the firm has begun notifying impacted individuals and offering support. The company did not specify when the attack occurred or who might be responsible.