Aura disclosed a data breach after a phone phishing attack gave attackers access to an employee’s account for about an hour. The intruders accessed roughly 900,000 records—mainly names and email addresses from a marketing tool tied to an acquired company—and Aura says no Social Security numbers, passwords, or financial information were compromised. #Aura #phonephishing
Keypoints
- A phone phishing attack compromised an employee account for approximately one hour.
- Attackers accessed about 900,000 records, primarily names and email addresses from a marketing tool.
- Roughly 20,000 current and 15,000 former customers had names, emails, addresses, and phone numbers exposed.
- Aura terminated access, activated its incident response plan, engaged external experts, and notified law enforcement.
- Aura reports sensitive customer data is encrypted and says no SSNs, passwords, or financial information were exposed while notifying impacted customers.
Read More: https://www.securityweek.com/security-firm-aura-discloses-data-breach-impacting-900000-records/