Disability monitoring tool exposes personal information online.

Cybersecurity researchers have discovered an unprotected database belonging to AngelSense, representing a potential risk of sensitive information leakage. This database, which was active online for several weeks, contained data generated by the company's GPS devices.

AngelSense specializes in GPS tracking devices for individuals with special needs, such as children with autism or elderly adults with dementia. The company's devices not only enable real-time tracking but also offer two-way communication and notifications to caregivers to ensure the safety of their loved ones.

According to reports, the company, which is valued by police agencies in the United States, stored real-time updated records from its system, which included personal information of its clients. Among the exposed data were names, mailing addresses, phone numbers, GPS coordinates, and health details. Additionally, the database contained technical records about the company’s systems.

Investigators found that email addresses, passwords, authentication tokens to access client accounts, and partially unencrypted credit card information were stored. Although the database has been shut down, it is unclear how long it was exposed; however, it was detected on January 14.

AngelSense CEO Doron Somer stated that the situation was brought to her attention only after UpGuard contacted her team. She assured that once alerted, the company acted quickly to verify the information and rectify the vulnerability. Somer also emphasized that there is no evidence that the information stored in the records system was previously accessed or that it is at risk of being misused.