Petco, the major pet products and services retailer, has recently disclosed significant details about a data breach that compromised sensitive customer information. Initially announcing the breach without specifics, the company has now revealed through mandatory legal filings that the exposed data includes highly sensitive personal identifiers.
Scope of the Breach Revealed Through State Filings
In a mandatory filing with the Texas Attorney General’s office last Friday, Petco acknowledged that the compromised information encompasses customers’ names, Social Security numbers, driver’s license information, financial account details, credit and debit card numbers, and birth dates. This disclosure represents a substantial escalation from the company’s initial vague announcement about the incident.
Similar legal notices were submitted in California, Massachusetts, and Montana, as required by state data breach notification laws. While Massachusetts and Montana reports indicated just one and three affected residents respectively, the California filing suggests a more extensive impact. Since California law mandates disclosure only when breaches affect at least 500 state residents, and Petco did not specify an exact number, the implication is that hundreds or potentially thousands of California customers had their data exposed.
Petco’s Response and Limited Transparency
When contacted for clarification, Petco spokesperson Ventura Olvera did not address questions about the total number of affected customers across all states. This lack of transparency is particularly concerning given the company’s substantial customer base of over 24 million people as reported in 2022.
In a statement to TechCrunch, Olvera indicated only that Petco had