Petco has confirmed that its data security breach exposed sensitive customer information.
The company initially acknowledged a breach without detailing what was compromised, legal notices that were required in several states are starting to show the scope of the hack.
Data breach revealed, potentially impacting several banks
In filings submitted to the Texas attorney general — echoed in notifications to officials in California, Massachusetts, and Montana — Petco disclosed that exposed data included customers’ names, Social Security numbers, driver’s license numbers, dates of birth, and financial information such as account and card numbers.
In two states, Petco reported only a handful of affected residents, but California’s disclosure threshold (which only kicks in when 500 customers or more are affected) suggests the actual number of victims there is significantly higher.
As first spotted by TechCrunch, Petco declined to answer detailed questions about how many customers were impacted, whether any unauthorized parties accessed or stole the exposed files, or which application was responsible for the issue.
Mashable Light Speed
The company has previously reported serving more than 24 million customers in 2022, giving a sense of the potential scale of the hack.
A sample notification, published by California’s attorney general, indicates the breach stemmed from a misconfigured setting in one of Petco’s software applications, which inadvertently made a number of files accessible online.
Petco says it has corrected the setting, removed the exposed files, and implemented additional security measures.
The company is offering free credit and identity monitoring services to affected individuals in states where such support is required by law when highly sensitive data — like SSNs or driver’s license numbers — is compromised.
Still to be determined: whether Texas residents will receive the same level of protection.
