Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Pet Owners. Show all posts

WALA's Shocking Data Leak: 25GB of Personal Information from Pet Owners Revealed

 


The Worldwide Australian Labradoodle Association (WALA) has been the target of a new cyberattack in which private data of pet owners, pet microchip numbers, veterinarians, and testing laboratories affiliated with WALA have been leaked to the public as a result of the latest cybersecurity incident. WALA is a prominent worldwide dog breeding organization based in the United States. No security authentication or password was used for this breach to occur. 

Security researcher Jeremiah Fowler was the one who brought the incident to light. Fowler explained that the data leak occurred as a result of a misconfiguration of the WALA cloud server. There were approximately 56,000 documents that were exposed in the leaky server, together with a size of 25 gigabytes, which represented a trove of sensitive and personal information. 

Fowler's analysis concluded that the exposed records contained PII information, which can include names, addresses, phone numbers, email addresses, microchip numbers, and other medical-related information regarding the owners of the pets, the records also contained other medical information about these pets. 

An openly available cloud storage database contained 56,624 files in formats such as .pdf, .png, and .jpg, all with sizes of 25 GB, and which were stored as a total of 25,512,680 documents. The database appears to belong to a group called the Worldwide Australian Labradoodle Association (WALA). This was further investigated upon finding out who owned the database. 

Australian Labradoodles is a breed that is promoted by an international breed organization dedicated to breeding. There is a large number of members and affiliate breeders in WALA across the world, however, the organization's main office is located in the state of Washington, United States. In addition to its headquarters in the United States, WALA has regional offices throughout the world, namely Australia, Europe, and Asia. 

It is, by definition, a non-profit organization, which brings together Australia's Australian Labradoodle breeders worldwide, and in particular its members are committed to ensuring the long-term success of the breed through the stabilization of high breeding standards, and the building of a comprehensive and accurate pedigree repository, as well as the preservation of health records. 

Documents contained in the package included health reports, DNA tests, and a pedigree or lineage history of all of the dogs that showed the offspring, parents, grandparents, and so on. It was also found in the files that the information about the dogs' owners, veterinarians, and testing laboratories was also included, and that other information was also included, such as the digital chip numbers or the tattooed identification numbers of the dogs. 

There are many kinds of documents with names, addresses, phone numbers, and email addresses in them. It all depends on what the document is about. Pet medical data has a lot of implications that have never been considered when users think of a data breach involving health records. The pet industry generates tremendous amounts of money every year, and history has shown that there is always an element of risk involved when there is a possibility of making money. 

Approximately 67% of US households - or 85 million families - own one or more pets which is about the number of households in this country. This means that they spend about 123.6 billion U.S. dollars a year on pets, according to the American Pet Products Association (APPA). Pet insurance policies typically cover accidents, illnesses, and, in some cases, routine care. 

Additionally, certain policies even provide coverage for hereditary conditions and wellness check-ups, ensuring comprehensive protection for your beloved pet's health. It is crucial to consider the potential risks associated with a data breach in the context of pet insurance fraud. The exposed information could be exploited to manipulate and falsify medical documents, thereby facilitating fraudulent insurance claims. This alarming possibility highlights the importance of robust security measures to safeguard sensitive data. 

It is worth noting that historical data reveals a significant surge in this type of fraud between 2010 and 2015, with fraudulent claims witnessing an astounding increase of over 400% during that period. This emphasizes the need for constant vigilance and proactive measures to combat such fraudulent activities. 

The primary purpose of pet microchipping is to find or identify lost pets and reunite them with their owners. This technology plays a crucial role in ensuring the safety and security of our beloved furry companions. Knowing a pet’s microchip number alone does not inherently pose a significant risk to the pet’s safety or security; however, when combined with other information and ownership data, there could be potential risks. 

It is important to be aware of the potential dangers that may arise from the misuse of this information. Hypothetically, criminals could falsely claim ownership of a lost or stolen pet using a publicly leaked microchip number, putting the pet's well-being at risk. This highlights the need for pet owners to be vigilant and take necessary precautions. Pet theft is a real concern — an estimated 2 million dogs are stolen every year in the United States. 

The alarming rise in pet theft cases is a cause for concern among pet owners nationwide. Labradoodles, known for their adorable appearance and friendly nature, can sell for as much as 5,000 USD, making them a potentially valuable target for criminals.

Pet owners need to be proactive in safeguarding their pets and ensuring their well-being at all times. Even if the criminal does not have physical access to the pet, there are other risks. A social engineering scheme would allow criminals to contact pet owners, posing as authority figures, and request personal information from them to update the microchip database, certifications, or other registrations. This would then be done by using social engineering tactics. 

The criminal, if successful, has the potential to acquire both credit and banking information or personally identifiable information (PII) from the owners. This could potentially pave the way for various forms of fraudulent activities, including identity theft. It is worth noting that the chip number is intricately connected to the owner's contact details within the microchip database, thereby raising concerns regarding the exposure of personal information.

In light of this, pet owners are advised to exercise caution when confronted with requests for information about their pet's microchip. As a precautionary measure, it is always advisable to verify the identity of individuals claiming to be authority figures and promptly report any suspicious activity related to their pet's microchip to the appropriate microchip registry and local authorities. By doing so, pet owners can actively contribute to safeguarding their personal information and preventing potential instances of fraud or identity theft. 

Any organization that collects and stores documents on animals or humans should take all possible steps to secure potentially sensitive information. This includes implementing a multi-layered security strategy that ensures all software, including database management systems, is regularly updated with security patches to address known vulnerabilities. 

By regularly updating the software, organizations can stay ahead of potential threats and protect stored information. Another good practice is to regularly monitor your network and database activity for suspicious behaviour. This can help identify any unauthorized access attempts or unusual activity that may indicate a security breach. 

In addition, conducting penetration testing and vulnerability assessments can help proactively identify and remediate weaknesses or misconfigured access settings. These assessments provide valuable insights into the organization's security posture and can guide the implementation of appropriate security measures. Lastly, it is important to notify customers or members of any serious data incident. By doing so, they can be made aware of what was exposed and take necessary precautions if criminals attempt to contact them or use the information for fraud. This level of transparency and communication builds trust with customers and helps them stay vigilant in protecting their personal information.