Cybersecurity researcher Jeremiah Fowler has discovered an unprotected database containing 158 GB of sensitive customer data linked to South Carolina-based Rainwalk Technology, a provider of pet insurance.
The database was left exposed online without password protection or encryption and included more than 85,000 files detailing pet insurance claims, veterinary bills, and customer communications.
The exposed documents contained personally identifiable information (PII), including names, addresses, phone numbers, and email addresses, as well as partial credit card numbers. Many files also listed pet names, medical histories, breeds, ages, and microchip numbers, further increasing potential privacy risks.
According to Fowler, the database appeared to belong to Rainwalk Technology based on internal file references. He immediately issued a responsible disclosure notice to the company, but received no response, and the data remained accessible for nearly a month before being taken offline. It remains unclear whether the database was managed by Rainwalk directly or a third-party contractor, and how long it had been publicly exposed.
While U.S. privacy laws like HIPAA protect human health records, they do not cover pet data. However, when pet-related information is combined with owner details, it can become a valuable target for cybercriminals, enabling potential financial and phishing scams.
In some of the exposed communications, Rainwalk customers were advised to send their Venmo QR codes to receive payment for their claims. Such practices could theoretically enable man-in-the-middle (MITM) attacks or fraudulent claim submissions, where attackers might reroute reimbursements using genuine policy information.
Additionally, the exposure of pet microchip numbers raises concerns about potential scams. Fraudsters have been known to send fake renewal notices, tricking owners into paying fees to fraudulent websites — even though pet microchips never actually expire.
The breach highlights how seemingly harmless pet data, when linked with customer PII, can lead to real-world and digital security threats. With an estimated 7 million pets insured across North America as of 2024, the pet insurance industry continues to grow — and so does its attractiveness as a target for cybercriminals.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Rainwalk has not publicly commented on the incident, and there is currently no evidence that the exposed data has been misused. However, cybersecurity experts emphasize that transparency, encryption, and prompt incident response are crucial to protecting both customer trust and data integrity in the expanding pet insurance sector.
