Cybersecurity researcher Jeremiah Fowler found a misconfigured database belonging to Rainwalk Pet, a South Carolina-based firm, and reported it to Website Planet, which verified the exposure according to the research.
The database was not password-protected or encrypted and reportedly exposed about 158 GB of data across roughly 85,361 files. The files included sensitive records such as pet insurance claims and veterinary bills and contained customer names, phone numbers, physical and email addresses and partial credit card numbers, as well as pet names, breeds, medical histories and microchip numbers.
Fowler sent a disclosure notice to Rainwalk immediately, but the database remained accessible for almost a month before it was secured, the article said. It remains unclear how long the data was exposed or whether any third party accessed it.
The combination of owner personal identifying information and pet records creates privacy and financial risks, the article noted. The piece cites broader research suggesting most cybercrime is financially motivated; see the PDF for context. Fraudsters could exploit veterinary bills and claim details to submit fraudulent insurance claims or commit other financially motivated schemes.
Exposure of microchip numbers raises additional concerns because scammers have previously targeted owners with fake renewal requests, the article said. Fowler also noted a refund process described by some customers that involved sending a Venmo QR code, a practice that could allow criminals to intercept reimbursement payments if abused.
To reduce risk, Fowler advised pet insurance firms to secure data with encryption and proper access controls and recommended customers verify the identity of anyone claiming to represent a company and communicate only through official channels.