Petco Files Data Breach Reports and Blames Inadvertent Software Setting

By  |  December 10, 2025
 | 
Petco app and website

Petco has reported that a setting within one of its software applications made customers’ personal information accessible online.

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    The retailer filed data breach reports in California, Massachusetts and Texas.

    The disclosures were flagged by PCMag in a Tuesday (Dec. 9) report.

    The California Attorney General data breach list said Petco reported Wednesday (Dec. 3) that it suffered a breach on July 7. The report did not specify the number of consumers affected, but the Attorney General’s page said the law requires that it be notified if a breach is sent to more than 500 California residents.

    Petco’s breach notification letter provided to California said: “We recently identified and took measures to address a setting within one of our software applications that inadvertently allowed certain files to be accessible online. We discovered the issue on our own through a routine security review. After discovering the issue, we immediately took steps to correct the issue and to remove the files from further online access.”

    The Massachusetts Office of Consumer Affairs and Business Regulation said in a data breach notification report that Petco reported a breach on Thursday (Dec. 4), saying it affected seven of the state’s residents. The report said the information breached included driver’s licenses and credit or debit card numbers; it did not include Social Security Number, medical records or financial account information.

    Advertisement: Scroll to Continue

    The Texas Office of the Attorney General published Petco’s data security breach report on Friday (Dec. 5). That report said that 329 Texans were affected, notice had been provided to consumers, and the types of information affected included Social Security Number information; driver’s license number; financial information such as an account number or a credit or debit card number; and date of birth.

    TechCrunch reported Wednesday (Dec. 10) that Petco took part of its Vetco Clinics website offline after TechCrunch told the company that the veterinary services business’ customer records could be downloaded by anyone online and that at least one customer record had been indexed by Google and could be found via search.

    Petco spokesperson Ventura Olvera told TechCrunch Tuesday (Dec. 9), per the report, that the firm had “implemented, and will continue to implement, additional measures to further strengthen the security of our systems.”


    Recommended

    Petco app and website

    Petco Files Data Breach Reports and Blames Inadvertent Software Setting

    Amazon grocery bags on front porch

    Amazon Grows Same-Day Fresh Grocery Delivery to 2,300 Communities

    Adobe Lets Users Design and Edit Using ChatGPT

    Treasury Considers Allowing FinCEN to Veto Other Regulators’ Enforcement Actions

    See More In: , , , , ,