Pet products and services giant Petco disclosed the data breach Wednesday in a filing with the California attorney general's office, which the company claims involved customers' personal information.
The state released a sample notification letter that Petco would send to customers affected by the breach. Petco said in the letter that it had identified “a setting in one of our software applications that incorrectly allowed access to certain files online,” adding that the company independently discovered the issue and “immediately took steps to correct the issue and remove the file from future online access.”
However, the letter does not specify what kind of customer personal information was compromised during the security lapse.
Petco spokesperson Ventura Olvera told TechCrunch that the company has “provided further information to the individuals involved.”
Olvera did not respond to a series of follow-up questions, including how many customers were affected by the incident and what kind of personal data was compromised.
California law requires companies to disclose data breaches involving 500 or more state residents, suggesting at least 500 Petco customers in California are affected. Petco also notified an unspecified number of people in Massachusetts and three people in Montana, according to the state's website.
The company said it also offers free credit and identity theft monitoring services to victims. California law requires companies to provide resources to credit monitoring companies if an individual's driver's license number or Social Security number is compromised.
tech crunch event
San Francisco | October 13-15, 2026
Petco said in the letter that it had “corrected the application settings after discovering the error” and implemented unspecified “additional security measures and technical controls to enhance the security of the application.”