Pet products and services giant Petco disclosed a data breach Wednesday in a filing with the California attorney general that the company said included personal information of its customers.
The state posted a sample of the notification letter that Petco sends to customers affected by the breach. In the letter, Petco said it identified “a setting in one of our software applications that inadvertently allowed certain files to be accessible online,” adding that the company discovered the problem on its own and “immediately took steps to correct the problem and remove the files from further online access.”
The letter, however, does not specify what type of customer personal information was exposed during the security breach.
Petco spokesman Ventura Olvera told TechCrunch that the company “provided further information to individuals whose information was involved.”
Olvera did not respond to a series of follow-up questions, including the number of customers affected by the incident and the type of personal data exposed.
California law requires companies to disclose data breaches involving 500 or more state residents, suggesting at least 500 Petco customers in California are affected. Petco has also notified unspecified number of people in Massachusetts, and three people in the state of Montana, according to state website.
The company said it also offers free credit and identity theft monitoring services to victims. Under California law, companies are required to provide resources to credit monitoring companies if a person’s driver’s license number or social security number is compromised.
Techcrunch event
San Francisco
|
13-15 October 2026
In the letter, Petco said it “fixed the app’s settings after discovering the bug” and that it has implemented some unspecified “additional security measures and technical controls to improve the security of our apps.”
