Source: TechCrunch
Petco has taken part of its Vetco Clinics website offline after a security flaw exposed sensitive customer and pet data to the public internet. The vulnerability allowed anyone to access Veterinary records without logging in by manipulating web addresses tied to sequential customer ID numbers. Exposed files included visit summaries, medical histories, prescriptions, vaccination records, customer contact details, home addresses, signatures, and detailed information about pets, such as breed, age, microchip numbers, and medical vitals.
At least one record was indexed by Google, making it searchable online, and the flaw may have exposed data belonging to millions of customers. TechCrunch disclosed the issue to Petco, which later confirmed it was investigating and said it had implemented additional security measures, though it did not clarify whether data was accessed or for how long the records were exposed. This incident marks Petco’s third data breach in 2025, raising ongoing concerns about its data security practices.