Aura Data Breach Exposes Over 2 Million Records

Aura, a digital security company that offers identity and privacy protection services, is facing a reported data breach that may involve over two million records. A threat actor posted claims about the breach on the dark web on March 11, 2026.

According to the dark web posting, the stolen records allegedly contain personally identifiable information (PII) and internal corporate data.

What is known about the breach

On March 11, 2026, a well-known threat actor called ShinyHunters posted on a Tor-based dark web forum claiming to have compromised the systems of Aura Group Inc. ShinyHunters is a name that has appeared in connection with several high-profile data breaches in recent years. In this case, the group alleged it had obtained over two million records from the company.

According to the dark web posting, the stolen data includes personally identifiable information and internal corporate data.

The specific types of PII that may have been exposed, according to the posted statement on the company's website,are confirmed to be contact information such as name, email, home address, phone number. The company further claims that no Social Security numbers, passwords, or financial information were compromised.

It is also not confirmed exactly when the breach took place, how the company discovered the incident or how the attackers may have gained access to the company's systems.

Steps to take if your information was exposed

Monitor credit reports. Consumers can request free copies of their credit reports from Equifax, Experian and TransUnion through AnnualCreditReport.com. Reviewing these reports regularly can help people spot unfamiliar accounts or inquiries that may indicate fraud.

Consider placing a fraud alert. A fraud alert tells creditors to take extra steps to verify a person's identity before opening new accounts. Consumers can place a free fraud alert by contacting any one of the three major credit bureaus, and that bureau is required to notify the other two.

Consider a credit freeze. A credit freeze restricts access to a person's credit file, making it harder for someone to open new accounts in that person's name. Freezes are free and can be placed and lifted at any time by contacting each of the three bureaus individually:

• Equifax: 1-800-685-1111
• Experian: 1-888-397-3742
• TransUnion: 1-888-909-8872

Change passwords and enable two-factor authentication. Anyone with an Aura account should update their password right away. They should also turn on two-factor authentication if they have not already done so. It is a good idea to use a unique, strong password that is not shared with any other accounts.

Watch for phishing attempts. After a data breach, scammers sometimes send emails, text messages or phone calls that reference the breach by name. These messages may try to trick people into clicking harmful links or sharing additional personal information. Consumers should be cautious of any unsolicited messages that claim to be from Aura or that reference this breach, especially if they ask for sensitive details like passwords or Social Security numbers.

Monitor bank and credit card statements. Even though the full scope of exposed data has not been confirmed, it is wise for affected individuals to keep a close eye on their financial accounts. Any unfamiliar charges or transactions should be reported to the relevant financial institution immediately.

Consider an IRS Identity Protection PIN. If there is any chance that Social Security numbers were part of the exposed data, individuals may want to request an Identity Protection PIN from the Internal Revenue Service. This six-digit number helps prevent someone else from filing a fraudulent tax return using another person's Social Security number.

Consumers who want the latest information about this incident should check Aura's public statement for updates. As more details become available, affected individuals will be better positioned to understand the specific risks and take the most appropriate protective measures.