Petco, a major provider of pet products and services, disclosed a data breach in a filing with California’s attorney general on Wednesday. The company states the incident involves the personal information of its customers.
A sample notification letter published by the state reveals that Petco identified a misconfigured setting within one of its software applications. This setting inadvertently allowed certain files to be accessible online. Petco says it discovered the issue independently and immediately took steps to correct it, removing the files from further online access.
The notification letter does not specify what type of customer personal information was exposed. Petco spokesperson Ventura Olvera stated the company had provided further information to affected individuals but did not respond to follow-up questions regarding the number of impacted customers or the specific categories of data compromised.
California law mandates companies disclose breaches affecting 500 or more state residents, indicating at least 500 Petco customers in California are affected. Petco has also notified an unspecified number of people in Massachusetts and three individuals in Montana, according to those states’ websites.
The company is offering free credit and identity theft monitoring services to victims. Under California law, companies must provide such resources if a person’s driver’s license number or Social Security number is compromised.
In its letter, Petco said it corrected the application’s settings after discovering the error and has implemented additional, unspecified security measures and technical controls to enhance application security.