High Identity Protection / Cybersecurity · March 2026

Aura

Aura, an identity protection and digital privacy company, confirmed a data breach exposing approximately 900,000 marketing contacts. The breach is notable given the company’s core business of protecting customers from identity theft and privacy violations.

Records Affected

Approximately 900,000

Sector

Identity Protection / Cybersecurity

Data types exposed

Names Email Addresses Marketing Contact Data
Aura, a company that sells identity theft protection and digital privacy services, confirmed a data breach exposing 900,000 marketing contacts in March 2026.
The exposure of marketing contact data from a company whose entire value proposition centres on protecting customers from data breaches has drawn significant commentary from the security community.
While marketing contact data is less sensitive than the financial or identity data Aura protects for its customers, the incident underscores that no organisation is immune to data security failures, regardless of its industry focus.

What a high-severity breach means

A high-severity breach means sensitive personal or account data was exposed and could be abused for fraud, account takeover, or targeted phishing. Affected individuals should treat it as time-sensitive.

Data exposed and why it matters

Names

Names alone are low-risk, but combined with other exposed fields they make phishing and impersonation more believable.

Email addresses

Exposed email addresses fuel targeted phishing and credential-stuffing. Be sceptical of unexpected messages referencing this incident and never enter passwords via emailed links.

Marketing Contact Data

This data can be combined with other exposed information to build a fuller profile of you, increasing the risk of targeted scams.

If you may be affected

  • Be extra wary of emails, calls, or texts that reference this incident — attackers use breach news to make phishing more convincing.
  • Use a password manager so every account has a unique, strong password.
  • Keep an eye on official communications from Aura for confirmed guidance and remediation offers.

Frequently asked questions

Was Aura affected by a data breach?

Yes. This high-severity incident affecting Aura (Identity Protection / Cybersecurity sector, March 2026) has been triaged from publicly available information. A high-severity breach means sensitive personal or account data was exposed and could be abused for fraud, account takeover, or targeted phishing. Affected individuals should treat it as time-sensitive.

What data was exposed in the Aura breach?

Based on available reporting, the exposure involved Names, Email Addresses and Marketing Contact Data. Review the "Data types exposed" section above for the full list, and treat any account tied to this data as potentially at risk.

How many people were affected by the Aura breach?

Current reporting indicates Approximately 900,000 were involved. Figures for breaches often change as investigations progress, so check back for updates.

What should I do if I use Aura?

Be extra wary of emails, calls, or texts that reference this incident — attackers use breach news to make phishing more convincing. Use a password manager so every account has a unique, strong password. See the "If you may be affected" checklist above for the full set of recommended steps.

Monitoring exposure like this

ScruteX continuously monitors data breaches, leaked credentials, and dark-web exposure so organisations learn when their people, brand, or supply chain are caught up in an incident like this — often before it is widely reported. Explore how ScruteX tracks digital risk across the open, deep, and dark web.