Final week, pet services and products big Petco confirmed that it skilled a data breach involving prospects’ private data, with out specifying what kind of information was affected.
On Friday, in a legally required submitting with Texas’ lawyer common’s workplace, Petco reported that the affected information included: names, Social Safety numbers, driver’s license numbers, monetary data reminiscent of account numbers, credit score or debit card numbers, and dates of delivery.
Petco filed related legally required notices in California, Massachusetts, and Montana. Within the latter two states, Petco reported one and three affected residents respectively.
The corporate didn’t disclose the precise variety of victims in California, the place corporations are required to reveal breaches involving a minimum of 500 state residents, which suggests there are extra victims than that quantity within the state.
Petco spokesperson Ventura Olvera didn’t reply to a collection of questions despatched on Monday, which included what number of prospects in whole had been affected by this incident; whether or not Petco has any technical means, together with logs, to find out whether or not any cybercriminals had entry and stole the shoppers’ uncovered information; what and when was the particular situation recognized; and what was the applying concerned within the incident.
For context, in 2022, Petco mentioned it served greater than 24 million prospects.
On Friday, Petco spokesperson Ventura Olvera mentioned in an announcement to information.killnetswitch that the corporate had “supplied additional data to people whose data was concerned.”
Techcrunch occasion
San Francisco
|
October 13-15, 2026
California’s lawyer common printed a pattern letter that Petco is sending to its prospects. The message mentioned Petco found a problem with “a setting inside considered one of our software program purposes that inadvertently allowed sure information to be accessible on-line,” that the corporate “instantly took steps to right the difficulty and to take away the information from additional on-line entry,” and that it “corrected” the setting and carried out unspecified “further security measures.”
The corporate is providing free credit score and identification theft monitoring providers to victims in California, California, Massachusetts, Montana. Underneath California legislation, for instance, corporations should present these providers if a data breach sufferer’s driver’s license quantity or Social Safety quantity are compromised. It’s unclear if Petco can be providing these providers to victims in Texas.
