Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Petco

Petco Vendor Cyber Rating & Cyber Score

petco.com

Where the Pets Go. Celebrating 60 years of helping pets live their best life!


Petco A.I CyberSecurity Scoring

Petco
Company Information
Website:http://www.petco.com/
Employees number:19,372
Number of followers:384,306
NAICS:43
Industry Type:Retail
Homepage:petco.com
Petco Risk Score (AI oriented)
Between 550 and 599
logo
PetcoRetail
Updated:
02/04/2026
587/1000
Very Poor
Ca
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Petco Global Score (TPRM)
xxxx
logo
PetcoRetail
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Petco
PetcoVery Poor
Current Score
587Ca (VERY POOR)
01000
3 incidents
-84 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
596Before Incident
JUNE 2026
595Before Incident
MAY 2026
591Before Incident
APRIL 2026
591Before Incident
MARCH 2026
588Before Incident
FEBRUARY 2026
582Before Incident
JANUARY 2026
580Before Incident
DECEMBER 2025
658Before Incident
Breach
10 Dec 2025Petco
Petco takes down Vetco website after exposing customers’ personal information

Petco Vetco Clinics Data Exposure

574After Incident
CRITICAL-84
PET1765476698
Petco Vetco Clinics Expose Customer and Pet Data in Latest Security Lapse Petco has taken part of its Vetco Clinics website offline after a security flaw exposed sensitive customer and pet records to the open web. The incident, discovered by TechCrunch and reported to the company on Friday, allowed unauthorized access to medical histories, prescription details, and personal information without requiring login credentials. The exposed records included customer names, addresses, emails, phone numbers, clinic visit locations, veterinary assessments, and financial details. Pet data—such as names, breeds, ages, microchip numbers, and medical vitals—was also compromised. At least one record, dated mid-2020, was indexed by Google, making it publicly searchable. The vulnerability stemmed from an insecure direct object reference (IDOR) flaw in Vetco’s PDF-generating system. The portal, hosted at petpass.com, lacked proper authentication, enabling anyone to access files by manipulating customer ID numbers in the URL. Since these IDs are sequential, millions of records may have been exposed. TechCrunch confirmed the issue by testing intervals of 100,000 customer numbers. Petco acknowledged the breach in a statement on Tuesday, stating it had implemented additional security measures but did not confirm whether logs could determine if data was exfiltrated. The company declined to comment on the duration of the exposure. This marks Petco’s third reported data breach in 2025. Earlier incidents included a ransomware attack by the Scattered Lapsus$ Hunters hacking group and a separate leak in September involving Social Security numbers, driver’s licenses, and payment card details. The latest Vetco incident appears unrelated to the prior breaches.
INCIDENT DETAILS -
TYPE
Data Exposure
IMPACT
Data Compromised: Customer and pet medical records, personal informationSystems Affected: Vetco Clinics website (petpass.com)Downtime: Partial website takedownOperational Impact: Investigation and remediation effortsBrand Reputation Impact: YesIdentity Theft Risk: Yes
DATA BREACH
Visit summariesMedical historiesPrescription recordsVaccination recordsCustomer namesHome addressesEmail addressesPhone numbersClinic locationsMedical assessmentsTestsDiagnosesCosts of goodsVeterinarian namesConsent formsOwner signaturesDates of serviceAnimal namesSpecies and breedSexAgeDate of birthMicrochip numbersMedical vitalsNumber Of Records Exposed: Millions (potentially)Sensitivity Of Data: HighPDFPersonally Identifiable Information: Yes
NOVEMBER 2025
658Before Incident
OCTOBER 2025
656Before Incident
SEPTEMBER 2025
654Before Incident
AUGUST 2025
652Before Incident
JULY 2025
705Before Incident
Breach
01 Jul 2025Petco
Petco Animal Supplies Stores Inc.: Petco class action alleges data breach exposed customer information

Petco Data Breach Exposing Customer Personal Information

647After Incident
CRITICAL-58
PET1769153279
Petco Faces Class Action Lawsuit Over Data Breach Exposing Customer Personal Information A class action lawsuit filed in the U.S. District Court for the Southern District of California alleges that Petco failed to adequately protect customer data, leading to a breach that compromised sensitive personal information. The suit, Mack, et al. v. Petco Animal Supplies Stores Inc. (Case No. 3:25-cv-03806), was brought by plaintiff Matthew Mack, who claims the company neglected to implement proper cybersecurity measures despite knowing the risks. The breach, discovered during a routine security review in July 2025, exposed a range of personally identifiable information (PII), including names, dates of birth, Social Security numbers, driver’s license numbers, and financial details such as account and payment card numbers. According to the lawsuit, affected customers were not notified of the incident for months, leaving them unaware of the exposure. Mack’s legal team, represented by Lynch Carpenter LLP, accuses Petco of negligence, breach of implied contract, and unjust enrichment, among other claims. The plaintiff seeks declaratory and injunctive relief, as well as damages, on behalf of a nationwide class of consumers impacted by the breach. The lawsuit highlights Petco’s alleged failure to meet basic security standards, despite handling highly sensitive customer data. The case underscores growing concerns over corporate accountability in safeguarding personal information amid rising cyber threats.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Data Compromised: Personally identifiable information (PII), including names, dates of birth, Social Security numbers, driver’s license numbers, and financial details such as account and payment card numbersBrand Reputation Impact: Growing concerns over corporate accountability in safeguarding personal informationLegal Liabilities: Class action lawsuit filedIdentity Theft Risk: HighPayment Information Risk: High
DATA BREACH
Personally identifiable information (PII)Financial detailsSensitivity Of Data: HighNamesDates of birthSocial Security numbersDriver’s license numbersPayment card numbers
DECEMBER 2024
770Before Incident
Breach
08 Dec 2024Petco
Petco cyber breach affects customer SSNs, DOBs, other private data

Petco Data Breach

698After Incident
CRITICAL-72
PET1765223984
A Petco store pictured Sept. 2018 in Hampstead just outside of Wilmington, N.C. The pet retailer says a massive data breach hit an unspecified number of its U.S. customer base, stating it located the problem internally and "immediately took steps to correct the issue and to remove the files from further online access." File Photo by Ken Cedeno/UPI | License Photo Dec. 8 (UPI) -- Petco stated it located the problem internally and "immediately took steps to correct the issue and to remove the files from further online access." On Friday, Petco filed a legally mandated report with the Texas attorney general's office that revealed compromised data encompassed names, dates of birth, Social Security and driver's license numbers, and other financial details, including account and credit or debit card numbers. A company spokesperson told TechCrunch that Petco had provided "further information to individuals whose information was involved." It added that new digital alterations included "additional security measures and technical controls to enhance the security of our applications." Petco officials wrote in a notification letter filed with California's attorney general they discovered a "setting within one of our software applications that inadvertently allowed certain files to be accessible online." California law requires breach disclosures when 500 or more state residents are affected, indicating Petco's cyber incident met or exceeded that threshold. In addition, the pet co
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Data Compromised: Names, dates of birth, Social Security numbers, driver's license numbers, account numbers, credit/debit card numbersIdentity Theft Risk: HighPayment Information Risk: High
DATA BREACH
Personally Identifiable InformationFinancial InformationSensitivity Of Data: HighPersonally Identifiable Information: Names, dates of birth, Social Security numbers, driver's license numbers

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Petco ?
?
What was Petco's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Petco's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Petco's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Petco's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Petco's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Petco's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Petco's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Petco's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Petco's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Petco's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Petco's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Petco's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Petco ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Petco's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?
Petco Cyber Scoring History | Rankiteo