A Petco store pictured in September 2018 in Hampstead, just outside Wilmington, N.C. The pet retailer says a massive data breach hit an unspecified number of its U.S. customers, stating it located the problem internally and "immediately took steps to correct the issue and to remove the files from further online access." File Photo by Ken Cedeno/UPI
Dec. 8 (UPI) -- Petco stated it located the problem internally and "immediately took steps to correct the issue and to remove the files from further online access."
On Friday, Petco filed a legally mandated report with the Texas attorney general's office that revealed compromised data encompassed names, dates of birth, Social Security and driver's license numbers, and other financial details, including account and credit or debit card numbers.
A company spokesperson told TechCrunch that Petco had provided "further information to individuals whose information was involved."
It added that new digital alterations included "additional security measures and technical controls to enhance the security of our applications."
Petco officials wrote in a notification letter filed with California's attorney general that they discovered a "setting within one of our software applications that inadvertently allowed certain files to be accessible online."
California law requires breach disclosures when 500 or more state residents are affected, indicating Petco's cyber incident met or exceeded that threshold.
In addition, the pet co
Petco cybersecurity rating report: https://www.rankiteo.com/company/petco-animal-supplies-inc-
{
    "id": "PET1765223984",
    "linkid": "petco-animal-supplies-inc-",
    "type": "Breach",
    "date": "12/2024",
    "severity": "85",
    "impact": "4",
    "explanation": "Attack with significant impact with customers data leaks"
}
{
    'affected_entities': [
        {
            'customers_affected': '500 or more (California residents)',
            'industry': 'Pet Supplies',
            'location': 'U.S.',
            'name': 'Petco',
            'size': None,
            'type': 'Retailer',
        },
    ],
    'customer_advisories': 'Provided further information to individuals whose information was involved',
    'data_breach': {
        'data_encryption': None,
        'data_exfiltration': None,
        'file_types_exposed': None,
        'number_of_records_exposed': None,
        'personally_identifiable_information': "Names, dates of birth, Social Security numbers, driver's license numbers",
        'sensitivity_of_data': 'High',
        'type_of_data_compromised': [
            'Personally Identifiable Information',
            'Financial Information',
        ],
    },
    'date_publicly_disclosed': '2023-12-08',
    'description': 'Petco experienced a data breach where an unspecified number of its U.S. customer base had their personal and financial information compromised. The issue was discovered internally, and immediate steps were taken to correct it and remove the files from further online access.',
    'impact': {
        'brand_reputation_impact': None,
        'conversion_rate_impact': None,
        'customer_complaints': None,
        'data_compromised': "Names, dates of birth, Social Security numbers, driver's license numbers, account numbers, credit/debit card numbers",
        'downtime': None,
        'financial_loss': None,
        'identity_theft_risk': 'High',
        'legal_liabilities': None,
        'operational_impact': None,
        'payment_information_risk': 'High',
        'revenue_loss': None,
        'systems_affected': None,
    },
    'initial_access_broker': {
        'backdoors_established': None,
        'data_sold_on_dark_web': None,
        'entry_point': None,
        'high_value_targets': None,
        'reconnaissance_period': None,
    },
    'post_incident_analysis': {
        'corrective_actions': 'Corrected the software setting, implemented additional security measures and technical controls',
        'root_causes': 'Software setting misconfiguration',
    },
    'ransomware': {
        'data_encryption': None,
        'data_exfiltration': None,
        'ransom_demanded': None,
        'ransom_paid': None,
        'ransomware_strain': None,
    },
    'references': [
        {'date_accessed': '2023-12-08', 'source': 'UPI', 'url': None},
        {'date_accessed': '2023-12-08', 'source': 'TechCrunch', 'url': None},
    ],
    'regulatory_compliance': {
        'fines_imposed': None,
        'legal_actions': None,
        'regulations_violated': ['California Data Breach Notification Law'],
        'regulatory_notifications': [
            'Texas Attorney General',
            'California Attorney General',
        ],
    },
    'response': {
        'adaptive_behavioral_waf': None,
        'communication_strategy': 'Filed legally mandated reports with Texas and California attorney general offices, provided information to affected individuals',
        'containment_measures': 'Removed files from further online access',
        'enhanced_monitoring': None,
        'incident_response_plan_activated': 'Yes',
        'law_enforcement_notified': None,
        'network_segmentation': None,
        'on_demand_scrubbing_services': None,
        'recovery_measures': None,
        'remediation_measures': 'Corrected the software setting, implemented additional security measures and technical controls',
        'third_party_assistance': None,
    },
    'title': 'Petco Data Breach',
    'type': 'Data Breach',
    'vulnerability_exploited': "A setting within one of Petco's software applications that inadvertently allowed certain files to be accessible online",
}