Petco 2025 Data Breach

Petco Pet Supplies Retailer Breach (Salesforce, 2025): 94 Million Customer Email & Phone Records Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Scattered Lapsus$ HuntersRetailEmail AddressPhone Number
Low SeverityWebsite / service breach

Petco Pet Supplies Retailer Breach (Salesforce, 2025): 94 Million Customer Email & Phone Records Exposed

Pet products and services retailer.

Verified by ObscureIQ Intelligence
0/100Breach Risk Index
5Data Value

Breach Intelligence Summary

Entity: Petco · Actor: Scattered Lapsus$ Hunters · Sources: 2 references
Attack: Unknown
Profile: Company · Pet products and services retail · Specialty retail chain · USA
Timeline: Breach (2025-10-10) · Year (2025)
Exposure: 94.4M records · 2 fields: Email Address, Phone Number
Status: Reported

Executive Summary

Petco suffered a data breach in 2025 as part of a broader attack campaign targeting Salesforce customer environments. The threat actor, a group calling itself "Scattered LAPSUS$ Hunters," released a sample of the stolen data on October 3, 2025, and claimed the full dataset would follow on October 10, 2025. Attackers reportedly used compromised credentials or third-party access paths to export records from multiple Salesforce-hosted environments rather than exploiting a flaw in Salesforce's core platform. The breach affected an estimated 94.4 million records tied to Petco customers. The exposed data includes full names, email addresses, and phone numbers. While financial and address details were not present in the confirmed sample, the combination of name and contact information at this scale creates real risk. Affected individuals may face targeted phishing emails, fraudulent phone calls, and impersonation attempts. The volume of records makes mass automated scam campaigns highly practical for attackers. No regulatory findings or legal actions related to this specific breach have been reported publicly as of the time of writing. Petco has not issued widely reported breach notifications. People who are or have been Petco customers should be alert to unsolicited emails or calls referencing their account or pet-related purchases, as attackers can use that context to make scam attempts appear credible. Changing passwords on any account that shares an email address used with Petco is a reasonable precaution.

ObscureIQ assessment: Exposure enables phishing, order fraud, and household targeting. Pet ownership and subscription data can also reveal family composition, routines, and consumer habits that improve scam targeting.

Breach Impact

The 2025 incident tied to Petco appears to have been part of the broader Salesforce customer data-theft and extortion wave rather than a uniquely documented Petco platform intrusion. Public reporting says threat actors leaked samples of data allegedly stolen from multiple Salesforce customers, including Petco, and later reporting on the wider campaign said attackers systematically exported data from numerous Salesforce environments using compromised credentials or third-party access paths rather than a flaw in Salesforce’s core platform. In practical terms, that makes the impact about downstream exposure of customer or business records in a SaaS environment, creating risk for phishing, impersonation, fraud pretexting, and follow-on targeting.

About Petco

Petco is a U.S. pet retail and services company built around pet food, supplies, grooming, veterinary care, and broader pet health and wellness offerings. The company presents itself as an integrated retail and services platform rather than a simple specialty store chain, combining physical locations, e-commerce, and care services under the “Health + Wellness Co.” model.

Why They Hold Your Data

Pet retail chains collect customer identity, contact details, addresses, order history, payment-adjacent records, subscription data, and pet-related service or product preferences across commerce operations.

Recent Developments

Petco’s recent public posture has centered on operational turnaround, refinancing, and profitability improvement. In early 2026 the company reported fourth quarter and full-year 2025 results, highlighted reduced leverage, issued a 2026 outlook, and announced refinancing-related steps and leadership transition news earlier in the quarter.

Data Points Exposed

2 verified field types
Email Address
Phone Number

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • SIM swapping, vishing & SMS phishing

Threat Actor: Scattered Lapsus$ Hunters

Scattered Lapsus$ Hunters
Unknown

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Petco breach?

Petco suffered a data breach in 2025 as part of a broader attack campaign targeting Salesforce customer environments. The threat actor, a group calling itself "Scattered LAPSUS$ Hunters," released a sample of the stolen data on October 3, 2025, and claimed the full dataset would follow on October…

What data was exposed?

Verified fields include Email Address, Phone Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation