Data Security Incident

We have completed our initial analysis regarding the security incident from February 10.

As we previously explained, on February 10, 2023, Gingr’s IT team was alerted to an issue related to the outside service that we use to generate and manage SMS messages through the Gingr application. On February 11, we learned that a set of phone numbers may have been exposed as a result of a third party’s penetration of this outside SMS service.

Our subsequent analysis has revealed that malicious actors using two suspicious IP addresses from outside the Gingr network were able to use compromised API keys to pull customer phone numbers from our external SMS vendor. Immediate steps were taken to ensure there was no access to Gingr's data.

While we do not have specific data on which phone numbers were exposed, we have confirmed that there was no impact to the Gingr business portal or Customer Portals. No other information related to Gingr Customers and Pet Parents was exposed other than phone numbers. No Personal Identifiable Information related to Gingr customers and Pet Parents was compromised.

In the 48 hours after we discovered the compromise, our IT security team took several initial actions to react to the compromised API keys and close off any access that was opened due to it. Over the course of the next three days, we completed additional steps to close any other possible vulnerabilities that could have been exposed. We took these additional steps out of an abundance of caution to ensure that our environment is as secure as possible. We have two additional actions that will happen in the next two weeks in alignment with our release cycle.

Our team has taken swift, effective action to address this unfortunate situation. We have cast a wide net to examine our security footing across the Gingr environment, and the resulting changes have made us more effective from a security standpoint. We appreciate your patience and understanding, and look forward to serving all of our Gingr customers and pet parents as we move forward.

We value your business and respect the privacy of your information, which is why, as a precautionary measure, we are writing to let you know about a data security incident that impacted some Gingr users and their pet parent customers.

On February 10, 2023, Gingr’s IT team was alerted to an issue related to the outside service that we use to generate and manage SMS messages through the Gingr application. On February 11, we learned that a set of phone numbers may have been exposed as a result of a third party’s penetration of this outside SMS service. We continue to explore the details of this to better understand its breadth, and what specific phone numbers were exposed. At this time, it is unclear how the phone numbers were obtained.

To our knowledge, there was no other personal information outside of these phone numbers exposed. Additionally, we do not see any evidence that the Gingr application or any of its data was compromised. We are working through our standard data security protocols to ensure all personal and other data is secure.

We ask that you please inform your staff and customers to not click on any suspicious links in SMS messages and block/report those numbers that appear to be sending spam or phishing messages.

We take the responsibility for data security very seriously. Thank you for your patience as we work through the steps of this investigation.

Gingr is aware of a situation where a third party is sending spam phishing SMS messages to Gingr customers and pet parents. We are actively investigating the matter and will follow up as soon as we have more information.