Pet insurance provider Rainwalk Technology leaks customer and pet data
Learn More
Cybersecurity researcher Jeremiah Fowler discovered an unencrypted publicly accessible database containing 158 GB of sensitive pet insurance data.
The database contained 85,361 files, belonging to South Carolina-based Rainwalk Technology, a pet insurance provider that offers coverage for accidents and illnesses including reimbursement for veterinary bills and virtual vet consultations.
The database remained exposed for nearly a month after Fowler's initial responsible disclosure notice before public access was finally restricted. Fowler did not receive any response to his disclosure notification. It's not clear whether the database was managed directly by Rainwalk Technology or by a third-party contractor.
The exposed data includes:
- Pet owner and policy holder names
- Physical addresses
- Email addresses
- Phone numbers
- Partial credit card numbers
- Pet names, ages, and medical histories
- Pet breeds
- Microchip numbers
- Insurance claims information and claim numbers
- Veterinary bills and invoices
- Customer communications and email correspondence
- Venmo QR codes for payment reimbursements
- Monetary amounts and reimbursement data
The number of affected individuals has not been disclosed.
The presence of real claims data, including claim numbers, account holder names, pet information, and monetary amounts, could enable frauds and scams. Rainwalk Technology has not commented on the reported incident.
