Identity protection company Aura has confirmed that an unauthorized party gained access to nearly 900,000 customer records containing names and email addresses.

The company states that the incident was caused by a voice phishing attack targeting an employee, which exposed the sensitive data of 20,000 current and 15,000 former customers.

In a communication this week, Aura states that the data originated from a marketing tool used by a company acquired by Aura in 2021, which exposed limited information.