"Cybersecurity Researcher Jeremiah Fowler discovered a database that lacked password protection as well as encryption, exposing 85,361 files (158 GB in total). The records included invoices, claims, and emails that contained policy holder names, addresses, phone numbers, email addresses, and other personally identifiable information (PII). The personal information of pets were also exposed, including their names, ages, breeds, medical histories, microchip numbers, and more."
"According to the search, the information appears to belong to Rainwalk Technology, a pet insurance provider based in South Carolina. A responsible disclosure notice was sent to the organization, yet the database remained accessible for bout a month before becoming restricted from public access. No response was sent to Fowler's notice. It is unknown if the database was owned and operated by the company or if a third party managed it."
"The exposure of PII is concerning, as it could enable phishing and social engineering attempts. While the exposure of pet-related data may seem harmless, these added details combined with an individual's PII could lead to sophisticated, targeted attacks that leverage the personal data to appear legitimate."
A database lacked password protection and encryption, exposing 85,361 files (158 GB) containing invoices, claims, emails, and personally identifiable information for policyholders and pets. Exposed human data included names, addresses, phone numbers, email addresses, and other PII; exposed pet data included names, ages, breeds, medical histories, microchip numbers, and more. Partial credit card numbers appeared in veterinary invoices. The information appears linked to Rainwalk Technology, a South Carolina pet insurance provider, though ownership or third-party management is unclear. A responsible disclosure notice was sent, the database remained publicly accessible for about a month before restriction, and no response was received. The exposure raises risks of phishing and targeted social-engineering attacks.
Read at Securitymagazine
Unable to calculate read time
Collection
[
|
...
]