Last week, pet products and services giant Petco confirmed that it experienced a data breach involving customers’ personal information, without specifying what type of data was affected.
On Friday, in a legally required filing with Texas’ attorney general’s office, Petco reported that the affected data included: names, Social Security numbers, driver’s license numbers, financial information such as account numbers, credit or debit card numbers, and dates of birth.
Petco filed similar legally required notices in California, Massachusetts, and Montana. In the latter two states, Petco reported one and three affected residents respectively.
The company did not disclose the exact number of victims in California, where companies are required to disclose breaches involving at least 500 state residents, which suggests there are more victims than that number in the state.
Petco spokesperson Ventura Olvera did not respond to a series of questions sent on Monday, which included how many customers in total were affected by this incident; whether Petco has any technical means, including logs, to determine whether any cybercriminals had access and stole the customers’ exposed data; what and when was the specific issue identified; and what was the application involved in the incident.
For context, in 2022, Petco said it served more than 24 million customers.
On Friday, Petco spokesperson Ventura Olvera said in a statement to TechCrunch that the company had “provided further information to individuals whose information was involved.”
Techcrunch event
San Francisco
|
October 13-15, 2026
California’s attorney general published a sample letter that Petco is sending to its customers. The message said Petco discovered an issue with “a setting within one of our software applications that inadvertently allowed certain files to be accessible online,” that the company “immediately took steps to correct the issue and to remove the files from further online access,” and that it “corrected” the setting and implemented unspecified “additional security measures.”
The company is offering free credit and identity theft monitoring services to victims in California, California, Massachusetts, Montana. Under California law, for example, companies must provide these services if a data breach victim’s driver’s license number or Social Security number are compromised. It’s unclear if Petco is also offering these services to victims in Texas.
