Petco Data Breach
Petco Pet Supplies Retailer Breach (Salesforce, 2025): 94 Million Customer Email & Phone Records Exposed
Pet products and services retailer.
Risk Interpretation
Exposure enables phishing, order fraud, and household targeting. Pet ownership and subscription data can also reveal family composition, routines, and consumer habits that improve scam targeting.
Impact & Downstream Threats
The 2025 incident tied to Petco appears to have been part of the broader Salesforce customer data-theft and extortion wave rather than a uniquely documented Petco platform intrusion. Public reporting says threat actors leaked samples of data allegedly stolen from multiple Salesforce customers, including Petco, and later reporting on the wider campaign said attackers systematically exported data from numerous Salesforce environments using compromised credentials or third-party access paths rather
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
Threat Vectors
Breach Intelligence
Executive Summary
Petco suffered a data breach in 2025 as part of a broader attack campaign targeting Salesforce customer environments. The threat actor, a group calling itself "Scattered LAPSUS$ Hunters," released a sample of the stolen data on October 3, 2025, and claimed the full dataset would follow on October 10, 2025. Attackers reportedly used compromised credentials or third-party access paths to export records from multiple Salesforce-hosted environments rather than exploiting a flaw in Salesforce's core platform. The breach affected an estimated 94.4 million records tied to Petco customers. The exposed data includes full names, email addresses, and phone numbers. While financial and address details were not present in the confirmed sample, the combination of name and contact information at this scale creates real risk. Affected individuals may face targeted phishing emails, fraudulent phone calls, and impersonation attempts. The volume of records makes mass automated scam campaigns highly practical for attackers. No regulatory findings or legal actions related to this specific breach have been reported publicly as of the time of writing. Petco has not issued widely reported breach notifications. People who are or have been Petco customers should be alert to unsolicited emails or calls referencing their account or pet-related purchases, as attackers can use that context to make scam attempts appear credible. Changing passwords on any account that shares an email address used with Petco is a reasonable precaution.
About Petco
Petco is a U.S. pet retail and services company built around pet food, supplies, grooming, veterinary care, and broader pet health and wellness offerings. The company presents itself as an integrated retail and services platform rather than a simple specialty store chain, combining physical locations, e-commerce, and care services under the “Health + Wellness Co.” model.
Why They Hold Your Data
Pet retail chains collect customer identity, contact details, addresses, order history, payment-adjacent records, subscription data, and pet-related service or product preferences across commerce operations.
Recent Developments
Petco’s recent public posture has centered on operational turnaround, refinancing, and profitability improvement. In early 2026 the company reported fourth quarter and full-year 2025 results, highlighted reduced leverage, issued a 2026 outlook, and announced refinancing-related steps and leadership transition news earlier in the quarter.
Data Points Exposed
State-Reported Affected Data Types
Canonical Fields
email_address, phone_number
Dark Web Verification
- Dataset containing ~94.4M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: petco-salesforce-2025
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Petco
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam