InfoSecBulletin Cybersecurity for mankind
Cybersecurity researcher Jeremiah Fowler found an unprotected database containing 158 GB of sensitive data, including pet insurance claims, veterinary bills, and customer communications with personal details like names, addresses, phone numbers, and partial credit card numbers.
The exposed database lacked password protection and encryption, containing 85,361 files and 158 GB of data. A sample revealed documents with pet owner details like names, addresses, and phone numbers, as well as pet information including names, medical histories, and partial credit card numbers.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
The name of the database, along with information from its internalfiles, suggests the records belong to South Carolina-based Rainwalk Technology, which provides pet insurance.
Fowler said, Now the dataset is restricted, but before that it remained open for nearly a month.
According to a report by The North American Pet Health Insurance Association (NAPHIA), it is estimated that 7.03 million pets were insured in North America at the end of 2024. This represents a 12.2% increase from the 6.25 million total pets insured in 2023, amounting to nearly $5.2 billion in gross written premiums.
In the U.S., there are no direct privacy protections for pet data, since laws like HIPAA only apply to human health records. However, when pet information is combined with owner details (such as names, addresses, emails, and other PII), it could pose significant potential privacy risks.
Many pet owners have reported receiving emails about expiring microchip registrations. The emails urge them to pay a fake renewal fee on scam websites. These scams exploit pet owners’ worries about their pets’ safety by falsely claiming that their microchips need immediate renewal.
Fowler advised pet insurance companies and veterinary providers that handle personal data to treat all pet and owner information as sensitive. Encrypting documents is a basic first step to make them unreadable to unauthorized users and harder to decrypt if exposed. Using access controls with multifactor authentication and reviewing permissions can help protect against unauthorized access or accidental data leaks.
It is also a good idea to regularly test security measures, check for setup mistakes, and use tools to monitor and block unauthorized access to data storage.
If pet owners think their data might have been compromised, they should be cautious of unexpected messages about pets.
