A large amount of private data belonging to pet owners and their animals was left exposed after a database from Rainwalk Pet, a South Carolina-based firm, was found publicly accessible online.
Cybersecurity researcher Jeremiah Fowler discovered the misconfigured database and reported it to Website Planet, which verified the exposure. The open database reportedly contained sensitive customer information, though the full extent of the leak has not yet been confirmed.
The database, which was not password-protected or encrypted, reportedly exposed 158 GB of data containing around 85,361 files, including sensitive records such as pet insurance claims and veterinary bills.
For customers, the breach exposed names, phone numbers, physical and email addresses, and even partial credit card numbers. Details about the pets were also included, such as their names, breeds, medical history, and microchip numbers. Here are some screenshots of exposed data shared by the researcher:
Fowler immediately sent a disclosure notice to Rainwalk, but the database remained accessible for almost a month before it was secured. It remains unclear how long the data was exposed or if a third party with malicious intent accessed it. The research detailing this exposure was shared with Hackread.com.
The Financial Threat
The combination of pet and owner data creates serious privacy and financial risks. Unlike human health records, there are no direct privacy laws, like HIPAA, for pet information. However, when pet details are connected to personal identifying information (PII), it becomes an attractive target for cyber criminals.
Recent research (PDF) shows that most cybercrimes are financially motivated. With veterinary bills sometimes reaching thousands of dollars, there is also risk for the company itself, which could face financial losses if criminals exploit the data to submit fraudulent insurance claims.
The exposure of microchip numbers adds another concern. As seen in previous incidents, thousands of pet owners have already been targeted by scam emails claiming their pet’s microchip needs to be “renewed” for a fee, even though microchips never expire.
Staying Safe
Another risk to owners involves how the company handles refunds. Fowler noted that some emails from customers suggested they could receive refunds via Venmo by sending their QR code to the company. This process could allow criminals to intercept payments by inserting their own information to steal a customer’s reimbursement money.
It is also common for scammers to exploit the emotional bond between owners and their animals to make their messages seem believable. They could send fake invoices that appear legitimate by referencing genuine claim amounts or dates.
To prevent such scams, Fowler advises pet insurance companies to secure data through encryption and proper access controls. For customers, he recommends verifying the identity of anyone claiming to represent the company and communicating only through official channels.
