Unprotected Database Leaks Sensitive User Information
AngelSense, an Israeli-American technology company that develops GPS tracking devices for individuals with disabilities, has suffered a major data leak exposing sensitive personal and medical records of thousands of users.Cybersecurity researchers from UpGuard discovered that an AngelSense database was left publicly accessible online without any security protection.
Scope of the Data Leak
- Exposed full names, addresses, and phone numbers of customers.
- Real-time GPS location data of users was accessible.
- Medical details regarding users’ health conditions were leaked.
- Login credentials and passwords were exposed without encryption.
Company Response
AngelSense has responded to the incident with the following statements:
- The company’s CEO confirmed that the exposed server was shut down immediately.
- According to AngelSense, there is no evidence that the data was misused.
- The company is still evaluating whether to notify affected customers.
The Risk of Exposed GPS and Medical Data
A data breach involving real-time location tracking is particularly concerning, as it could lead to stalking, identity theft, or even physical harm to vulnerable users. Medical information exposure also raises severe privacy risks under HIPAA (Health Insurance Portability and Accountability Act) and GDPR (General Data Protection Regulation) compliance regulations.
Key Security Lessons from This Incident
- Proper database access controls – Ensure all databases are configured with authentication mechanisms.
- Encryption of sensitive data – Prevent clear-text storage of personal, medical, and login credentials.
- Regular security audits – Conduct continuous vulnerability assessments to detect misconfigurations.
- Incident response readiness – Companies handling sensitive user data must have a clear notification protocol in case of breaches.
AngelSense, originally founded by Israeli parents of children with special needs, serves thousands of customers across both the U.S. and Israel. As investigations continue, the company faces potential regulatory scrutiny and reputational damage following this breach.
