Petco Confirms Data Security Incident Impacting Customer Data

American pet retailer Petco reported that it suffered a significant data security incident earlier this year that compromised the personal information of its customers.

 

Petco is a major U.S. pet retailer and wellness company offering pet food, supplies, live animals, and services such as grooming, training, veterinary care (Vetco), and pet insurance through hundreds of stores and online platforms.

 

In a data security incident notice filed with the California Attorney General’s Office, Petco said it recently identified a security incident during a routine review and immediately launched an investigation to assess its scope.

 

It also took steps to secure the affected systems and notified relevant law enforcement authorities about the same.

 

“We recently identified and took measures to address a setting within one of our software applications that inadvertently allowed certain files to be accessible online. We discovered the issue on our own through a routine security review. After discovering the issue, we immediately took steps to correct the issue and to remove the files from further online access,” Petco said.

 

Although the company did not disclose specifics about the breach, it said the incident involved customers’ sensitive personal information.

 

Under California law, companies must report data breaches that affect 500 or more residents, implying that a minimum of 500 Petco customers in the state were affected. Petco has also issued notifications to customers in Massachusetts and Montana.

 

“We take this issue seriously, and we immediately corrected the application’s settings after discovering the error. To help prevent a similar error in the future, we have implemented additional security measures and technical controls to enhance the security of our applications,” the pet retailer added.

 

Petco has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered complimentary identity protection and credit monitoring services through Epiq to all affected individuals.