When Trust Turns Into a Data Nightmare

AngelSense, a company that prides itself on protecting the most vulnerable, just dropped the ball—big time. The assistive tech giant, known for its GPS trackers for people with disabilities, left a treasure trove of sensitive user data exposed to the open internet. And here’s the kicker: it took them over a week to fix it after being alerted by cybersecurity researchers at UpGuard.

This isn’t just a minor oopsie. This is a full-blown security disaster that could have put thousands of lives at risk. Let’s break it down.

What Went Wrong?

AngelSense’s internal database was left wide open—no password, no encryption, no protection. Anyone with a web browser and the database’s public IP address could access it. What was inside? A goldmine of personal and sensitive data:

• Names, addresses, and phone numbers of AngelSense customers
• Real-time GPS coordinates of individuals being tracked
• Health information, including conditions like autism and dementia
• Email addresses, passwords, and authentication tokens for customer accounts
• Partial credit card details—all in plaintext

“It was only when UpGuard phoned us that the issue was raised to our attention.”

Doron Somer, AngelSense CEO

How Long Was the Data Exposed?

Here’s where it gets even scarier. The database was first spotted online on January 14, but it could have been exposed even earlier. AngelSense claims they have no evidence of unauthorized access, but here’s the kicker: they don’t even know if they have the technical means to determine if someone else accessed the data before UpGuard.

The Fallout: Trust Eroded, Questions Unanswered

AngelSense’s CEO, Doron Somer, downplayed the severity, calling the exposed data “not sensitive personal information.” But let’s be real: GPS coordinates of vulnerable individuals? Health conditions? Passwords? That’s not just sensitive—that’s a privacy apocalypse.

When asked if they’d notify affected customers, Somer said they’re still investigating. Translation: “We’ll cross that bridge if we come to it.” Not exactly reassuring for the thousands of families who trusted AngelSense to keep their loved ones safe.

This Isn’t an Isolated Incident

Database exposures like this are becoming alarmingly common. From U.S. military emails to two-factor authentication codes leaking in real-time, these lapses are often the result of human error—not malice. But that doesn’t make them any less dangerous.

The Takeaway: Vigilance Is Non-Negotiable

If there’s one thing this incident screams, it’s this: security can’t be an afterthought. Companies handling sensitive data—especially for vulnerable populations—need to step up their game. Encryption, access controls, and regular audits aren’t optional. They’re the bare minimum.

For AngelSense, this is a wake-up call. For the rest of us, it’s a reminder: trust, but verify. Because when it comes to data security, the stakes are just too high to get it wrong.