Cybersecurity Researcher Jeremiah Fowler discovered a database that lacked password protection as well as encryption, exposing 85,361 files (158 GB in total). The records included invoices, claims, and emails that contained policy holder names, addresses, phone numbers, email addresses, and other personally identifiable information (PII). The personal information of pets were also exposed, including their names, ages, breeds, medical histories, microchip numbers, and more. Partial credit card numbers were also found in veterinary invoices. 

According to the search, the information appears to belong to Rainwalk Technology, a pet insurance provider based in South Carolina. A responsible disclosure notice was sent to the organization, yet the database remained accessible for bout a month before becoming restricted from public access. No response was sent to Fowler’s notice. It is unknown if the database was owned and operated by the company or if a third party managed it. 

The exposure of PII is concerning, as it could enable phishing and social engineering attempts. While the exposure of pet-related data may seem harmless, these added details combined with an individual’s PII could lead to sophisticated, targeted attacks that leverage the personal data to appear legitimate.