Rainwalk Technology Data Breach Exposes Pet Insurance Customer PII, Clients Get Scam Emails

Written by: Lore Apostol, Cybersecurity Writer

A significant cybersecurity incident has been reported involving the pet insurance provider Rainwalk Technology. A 158 GB database left unencrypted and publicly accessible without a password contained 85,361 files, including insurance claims, veterinary invoices, and internal customer communications.

Scope of PII and Pet Data Risks

The Rainwalk Technology pet insurance data breach included a substantial volume of personally identifiable information (PII) for policyholders. Exposed files contained:

Email to a customer informing them of an approved claim and offering different methods to receive the payment | Source: Website Planet

Cybersecurity researcher Jeremiah Fowler discovered the database and reported it to Website Planet after fraudulent emails were sent to customers. Despite a responsible disclosure notice being sent, the database reportedly remained exposed for nearly a month before access was restricted. 

Folders that appeared in the publicly exposed database | Source: Website Planet

The origin of the misconfiguration, whether managed directly by Rainwalk or a third-party contractor, remains unconfirmed.

This combination of PII and pet data creates a heightened risk profile, as malicious actors can leverage the emotional bond between owners and pets to craft highly convincing social engineering attacks.

Preventive Action Suggested for Victims

Fowler told TechNadu that although these companies provide insurance as their core business, once they collect and store digital PII or PHI they become a technology company and must invest in cybersecurity and data protection. 

When asked about proactive security measures similar companies must take to prevent misconfigured databases from being exposed, Fowler said, "Make sure you have a dedicated communication channel where researchers or even customers can report data incidents."

"This can save valuable time when there is a data exposure and every moment counts. Often, support staff are not trained to handle data and privacy issues. Conduct penetration and vulnerability testing regularly, including storage and backup services. This can help identify unauthorized access or a misconfigured database. Never store data longer than is needed. I often see companies store years' worth of data in one place, and this is a serious risk as PII can stay valid for many years."

Potential for Fraud and Targeted Scams

The exposure of detailed claim information, invoice amounts, and payment communications presents a tangible risk of financial fraud. A North American Pet Health Insurance Association (NAPHIA) report estimated that 7.03 million pets were insured in North America at the end of 2024.

Threat actors could potentially intercept reimbursement payments or launch man-in-the-middle (MITM) attacks by using legitimate claim details. 

Furthermore, the risks associated with PII and pet data extend to targeted scams or phishing emails that appear authentic by referencing specific claim numbers, pet names, and veterinary details. 

The exposure of microchip numbers also makes customers susceptible to known microchip registration renewal scams. 

Last month, Singapore ordered Meta to implement anti-scam measures on Facebook under the new Criminal Harms Act.

