Petco Confirms Data Breach Exposing Customer Data

Petco, the prominent pet products and services retailer, has officially disclosed a data breach that exposed customers' personal information. The company filed notice with California's attorney general, attributing the security lapse to an inadvertent software setting.

Petco's notification letter to affected customers, a sample of which was published by the state, explained that the incident stemmed from "a setting within one of our software applications that inadvertently allowed certain files to be accessible online." The company stated it discovered the issue internally and "immediately took steps to correct the issue and to remove the files from further online access."

However, the letter conspicuously omits details regarding the specific types of personal information compromised during the security incident. When pressed for more information, Petco spokesperson Ventura Olvera told TechCrunch that the company had "provided further information to individuals whose information was involved." Yet, Olvera declined to answer follow-up questions concerning the total number of affected customers or the precise nature of the exposed data, a lack of transparency that has raised concerns.

California law mandates disclosure for data breaches affecting 500 or more state residents, suggesting at least 500 Petco customers in California were impacted. Beyond California, Petco has also notified an unspecified number of individuals in Massachusetts and three people in Montana, according to state websites.

In response to the breach, Petco is offering free credit and identity theft monitoring services to victims. This aligns with California law, which requires companies to provide such resources if a person's driver's license or Social Security numbers are compromised. The company also stated it "corrected the application’s settings after discovering the error" and has implemented "additional security measures and technical controls to enhance the security of our applications," though specific details about these enhancements remain undisclosed.