Pet retail giant Petco is scrambling to contain fallout from a major data breach that exposed customers' Social Security numbers, driver's license information, and financial account details. The company revealed the full scope Friday in state regulatory filings, days after initially confirming a 'security lapse' without specifics. With over 24 million customers served annually, this represents one of the largest retail breaches of sensitive personal data this year.
Petco just became the latest retailer to join 2025's growing list of major data breaches, but this one cuts deeper than most. The pet supplies giant admitted Friday that hackers didn't even need to break in - a simple software misconfiguration left customers' most sensitive personal information sitting online for anyone to find.
The breach affects a staggering range of personal data that reads like an identity thief's wish list. According to regulatory filings with Texas authorities, exposed information includes full names, Social Security numbers, driver's license numbers, financial account details, credit and debit card numbers, and birth dates. It's essentially everything needed to assume someone's identity.
What makes this particularly troubling is how it happened. Petco told customers in notification letters that the company 'discovered an issue with a setting within one of our software applications that inadvertently allowed certain files to be accessible online.' Translation: someone forgot to lock the digital door, and customer files were just sitting there in the open.
The scale remains murky, but clues from state filings paint a concerning picture. California's attorney general published Petco's breach notice, and since companies must report breaches affecting 500 or more state residents, the California filing suggests hundreds of victims minimum in just one state. Meanwhile, Massachusetts reported one affected resident and Montana logged three.
For context, Petco serves more than 24 million customers annually according to 2022 company statements. The company's spokesperson Ventura Olvera hasn't responded to questions about the total number of affected customers, which suggests the final tally could be substantial.
