Petco, the well-known retailer for pet products and services, has acknowledged a security incident that exposed customer information. The company disclosed the issue in a notice submitted to California’s attorney general, which is required when a significant number of state residents are affected by a data breach.
A sample of the notification letter provided by the state shows that Petco discovered a problem within one of its internal software tools. According to the company, a configuration mistake made certain files publicly accessible online. The organization stated that it detected the issue on its own and acted immediately to shut off access and secure the exposed data.
The letter does not give a detailed description of what kind of personal information was visible or how long the files remained online. Petco’s statement simply refers to “personal information,” leaving many questions unanswered. The company says affected customers have been contacted directly with more complete information.
A representative from Petco confirmed that additional details were shared privately with individuals whose data was involved, but the spokesperson declined to answer further inquiries, including the number of customers affected or the precise types of information involved.
California law requires businesses to report breaches that involve information belonging to 500 or more state residents. This disclosure threshold suggests that at least that many California customers were impacted. The notice also indicates that residents from other states were notified, including people in Massachusetts and a small number of individuals in Montana.
In response to the incident, Petco is offering complimentary credit monitoring and identity protection services. These services are typically provided in situations where sensitive identifiers—like Social Security numbers or driver’s license details—may have been at risk, though the company has not publicly confirmed whether that type of data was involved.
Petco says the security lapse has since been fixed. The vulnerable settings were updated, and the affected files were taken offline. The company’s letter states that additional technical controls and stronger security safeguards are being put in place to prevent similar issues from happening in the future.
While there is still uncertainty about the scale of the breach, Petco is encouraging customers who receive notification letters to follow the steps provided and take advantage of the credit protection being offered. The company maintains that it identified and resolved the issue quickly, though many consumers may still have concerns about their data and how it was used.
