The data leak occurred due to a cloud server misconfiguration and involved more than 56,000 documents, totaling 25 gigabytes in size.
In the latest cybersecurity incident, the private data of pet owners, dog microchip numbers, veterinarians, and testing laboratories affiliated with WALA (the Worldwide Australian Labradoodle Association) was leaked to the public.
WALA is a prominent worldwide dog breeding organization based in the United States. This breach occurred without any security authentication or password.
The incident was brought to light by cybersecurity researcher Jeremiah Fowler according to whom, the data leak was caused due to a cloud server misconfiguration at WALA. The leaky server exposed a trove of sensitive and personal information including over 56,000 documents with a total size of 25 gigabytes.
According to Fowler’s analysis, the exposed records included Personally Identifiable Information (PII) encompasses pet owners’ names, physical addresses, phone numbers, email addresses, dog microchip numbers and other medical-related information concerning the pets.
While WALA is an organization based in the United States, its customer base extends worldwide. The organization also maintains offices in various regions, including Asia, Europe, and Australia.
While having a broad customer base is advantageous for the company, it also highlights the significance of the database leak, which exposed user data of individuals across the globe. In a blog post, Fowler emphasized that the WALA data leak could have devastating consequences for affected users stating that,
“When we think of a data breach of health records, we may never consider the implications of pet medical data. However, there is a massive amount of money in the pet industry, and history has shown there are always potential risks when the possibility of financial gain is involved.”
Jeremiah Fowler
Potential Risks
Although it is unclear if Fowler was the only one to get their hands on the exposed server, if the information has been accessed by a third party with malicious intent, it can also pose a massive privacy threat for victims.
The compromised data poses several significant risks, including but not limited to:
- Tracking: Although highly unlikely, threat actors could potentially combine the information, especially microchip numbers for dogs, to track pets and engage in theft.
- Pet Insurance Fraud: With access to comprehensive information about pets and their owners, malicious actors could exploit the data to commit pet insurance fraud, creating false claims or manipulating existing policies.
- Identity Theft: The vast array of personal information exposed in the breach puts individuals at risk of identity theft. This information could be misused for various fraudulent activities, jeopardizing the financial and personal well-being of the affected parties.
- Other Security Threats: The breach opens the door to an array of potential threats, including phishing attacks, financial scams, and other malicious activities that capitalize on the compromised data.
Expert Advice
At Hackread.com, we collaborate with researchers like Jeremiah Fowler to raise awareness about cybersecurity incidents and threats. We advise all WALA affiliates, including pet owners, veterinarians, and testing laboratories, to monitor their financial accounts, be cautious of unsolicited communications, and consider implementing additional security measures to mitigate the potential fallout from this extensive data exposure.