Petco leaks customer information through application misconfiguration
Learn More
Pet products and services company Petco Animal Supplies reports a data breach on December 5, 20245 after detecting a misconfigured security setting in one of the company's software applications that inadvertently allowed certain files containing customer personal information to be accessible online.
The types of exposed data and the number of affected individuals is not disclosed. No details are provided of the length of the exposure or if any threat actors managed to access the data.
Petco has offered free credit and identity theft monitoring services to affected individuals.
According to the notification letter sent to affected customers, Petco corrected the application's settings after discovering the error and implemented additional security measures and technical controls to enhance the security of its applications.
Update - as of 8th of December 2025, Petco filed notifications with multiple state attorney general offices including California, Texas, Massachusetts, and Montana.
According to submitted filings the exposed data includes:
- Customer names
- Social Security numbers
- Driver's license numbers
- Financial information including bank account numbers
- Credit or debit card numbers
- Dates of birth
Petco declined to disclose the total number of affected customers or provide details about the duration of the exposure.
