Petco Data Breach Exposes Sensitive Customer Information, Company Offers Monitoring Services
SAN DIEGO, Calif. — Petco, the national pet supply retailer, confirmed on December 15, 2025, that a significant data breach compromised sensitive customer information due to a software configuration error. The company disclosed the incident in filings with multiple state attorneys general, revealing that names, Social Security numbers, driver’s license numbers, financial account details, credit or debit card numbers, and dates of birth were exposed online for a period before the issue was identified and corrected.
According to the breach notifications filed with the California Attorney General’s Office, the vulnerability stemmed from an improperly set software application that made certain files accessible to unauthorized parties. Petco took immediate action to remove the files and implemented enhanced security protocols to prevent future incidents. Notifications have been sent to affected customers, and the company is providing free credit and identity theft monitoring services to residents of California, Massachusetts, and Montana. However, it remains unclear whether similar protections are extended to those impacted in Texas, where the breach was also reported.
Petco serves millions of customers across the United States, with over 24 million customers reported in 2022. While the company has not disclosed the total number of individuals affected, the breach notifications filed in states with stringent reporting requirements suggest the scope is substantial. The exposed data — including government-issued identification numbers and financial information — poses serious risks of identity theft and fraud. Criminals can exploit such information to open fraudulent accounts, assume identities, or bypass security checks.
In a statement provided to cybersecurity expert Kurt Knutsson of Fox News, a Petco representative said, “We recently identified a setting in one of our applications which inadvertently made certain Petco files accessible online. Upon identifying the issue, we took immediate steps to correct the error and began an investigation. We notified individuals whose information was involved and continue to monitor for further issues. We take this incident seriously. To help prevent something like this from happening again, we have taken and will continue to take steps to enhance the security of our network.”
Experts emphasize that breaches involving Social Security numbers, birth dates, and financial data can have long-term consequences. According to guidance from the Federal Trade Commission, victims of such breaches should remain vigilant for signs of identity theft, including unexpected credit inquiries or accounts they did not open. The FTC recommends placing fraud alerts or credit freezes on credit reports and regularly monitoring financial statements.
Petco’s breach underscores the growing risks companies face in securing customer data amid increasingly sophisticated cyber threats. The incident also highlights the importance of robust software configuration management and prompt breach disclosure, as mandated by state laws such as California’s Consumer Privacy Act (CCPA). Customers affected by the breach are urged to take advantage of the free monitoring services offered and to follow best practices for protecting their personal information.
For more information on protecting yourself after a data breach, the IdentityTheft.gov website provides comprehensive resources and step-by-step recovery plans. Meanwhile, federal and state agencies continue to investigate the Petco breach to determine its full impact and to hold responsible parties accountable.
Leave a Reply