Data Breach at Pet Insurance Provider Exposes Data of Owners and Their Pets

A recent data security snafu affecting a US-based pet insurance provider has exposed personal and sensitive data of both pet owners and their beloved animals via a non-encrypted and non-password-protected database.

What Happened

Cybersecurity researcher Jeremiah Fowler discovered a non-encrypted publicly accessible database belonging to Rainwalk Pet Insurance during a routine scan. According to his report, the non-password-protected database contained 85,361 files with a combined 158 GB of data, including insurance claims, veterinary bills, and corporate communications with customers.

The exposed data included customer names, physical and email addresses, phone numbers, pet names, microchip numbers, medical histories, and other sensitive information. Some of the exposed veterinary invoices even contained partial credit card numbers embedded in the records.

Fowler issued a responsible disclosure, but the database remained open for nearly a month before access was restricted. It’s unclear how long the data was exposed before detection, or if unauthorized parties accessed it before it was secured.

What are the risks to pet owners?

Pet data alone may seem harmless, but when combined with personally identifiable information (PII), it creates a more detailed user profile that can be used in highly targeted scams.

For example, pet microchips – unique identifiers tied to animal registries and owners – could be used in smishing scams (e.g. “Your pet’s registration is expiring. Pay this fee”). Thinking about additionally exposed information such as insurance claims, invoice amounts, dates, and policy data, scammers could also craft highly convincing emails impersonating the insurance provider or vet clinics.

“Remember that malicious actors could exploit the emotional bond between owners and their animals and use real data to make fraudulent attempts appear legitimate,” Fowler said. “As a standard practice, I advise to never click on links, download attachments, or provide payment or personal details without verifying the request first.”

What Affected Customers Should Do

• Be wary of unexpected emails, messages, or invoices referencing their pets, claims, or veterinary services.
• Verify communications with the insurance provider via known official channels (not via links in messages).
• Monitor credit card or bank statements for odd charges.
• Consider credit freezes or fraud alert services where available.
• Change passwords if using the same or similar credentials elsewhere.

How Bitdefender Can Help

Even when a company’s security slips up, you can still protect yourself — and your loved ones (furry or not). Bitdefender provides multiple layers of protection, helping you stay safe from breaches, scams, and phishing attempts.

Bitdefender Digital Identity Protection

Think of it as your personal data radar that monitors the web and dark web for exposed personal data, alerts you instantly if your credentials or identity appear in a breach, and helps you secure compromised accounts.

Bitdefender Scamio

Your AI-powered scam-detecting assistant that helps you spot fraud in seconds. Forward any suspicious message, email, or QR code to Scamio, and it will instantly tell you whether it’s safe — it’s perfect for catching fake “pet insurance” or “vet payment” scams before you click.

Bitdefender Link Checker

A free, easy-to-use tool that checks for danger in a website or link before you open it. Whether it’s a contest link, invoice, or refund form, Link Checker ensures you never walk into a phishing trap.