Last week, pet products and services giant Petco confirmed that it experienced a data breach involving customers’ personal information, without specifying what type of data was affected.
On Friday, in a legally required filing with Texas’ attorney general’s office, Petco reported that the affected data included: names, Social Security numbers, driver’s license numbers, financial information such as account numbers, credit or debit card numbers, and dates of birth.
Petco filed similar legally required notices in California, Massachusetts, and Montana. In the latter two states, Petco reported one and three affected residents respectively.
The company did not disclose the exact number of victims in California, where companies are required to disclose breaches involving at least 500 state residents, which suggests there are more victims than that number in the state.
Petco spokesperson Ventura Olvera did not respond to a series of questions sent on Monday, which included how many customers in total were affected by this incident. For context, in 2022, Petco said it served more than 24 million customers.
On Friday, Petco spokesperson Ventura Olvera said in a statement to TechCrunch that the company had “provided further information to individuals whose information was involved.”
California’s attorney general published a sample letter that Petco is sending to its customers. The message said Petco discovered an issue with “a setting within one of our software applications that inadvertently allowed certain files to be accessible online,” that the company “immediately took steps to correct the issue and to remove the files from further online access,” and that it “corrected” the setting and implemented unspecified “additional security measures.”
Techcrunch event Join the Disrupt 2026 Waitlist Add yourself to the Disrupt 2026 waitlist to be first in line when Early Bird tickets drop. Past Disrupts have brought Google Cloud, Netflix, Microsoft, Box, Phia, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, and Vinod Khosla to the stages — part of 250+ industry leaders driving 200+ sessions built to fuel your growth and sharpen your edge. Plus, meet the hundreds of startups innovating across every sector. Join the Disrupt 2026 Waitlist Add yourself to the Disrupt 2026 waitlist to be first in line when Early Bird tickets drop. Past Disrupts have brought Google Cloud, Netflix, Microsoft, Box, Phia, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, and Vinod Khosla to the stages — part of 250+ industry leaders driving 200+ sessions built to fuel your growth and sharpen your edge. Plus, meet the hundreds of startups innovating across every sector. San Francisco | WAITLIST NOW
The company is offering free credit and identity theft monitoring services to victims.