Petco operates 1,500+ retail locations across the U.S., Mexico, and Puerto Rico, supported by eight distribution centers and a 29,000-person workforce. The attack surface spans point-of-sale systems across physical stores, veterinary hospital infrastructure (250+ Vetco Total Care facilities), e-commerce platforms, and supply chain logistics networks. The threat model includes payment card data at scale, protected health information from veterinary services, and operational technology managing physical infrastructure.
The security stack runs Python and PowerShell for automation, with SIEM/EDR/NDR providing detection coverage and SOAR orchestrating response workflows. Network architecture relies on next-generation firewalls, network access control, and SASE frameworks including secure web gateways and zero trust network access. Cloud security tooling protects hybrid environments as retail operations increasingly depend on connected systems.
Security teams handle both legacy retail infrastructure dating to the company's 1965 founding and modern cloud-native services. The scope includes securing customer transactions, veterinary patient data, third-party integrations with adoption partners (the company facilitated roughly 7 million adoptions through its charitable arm), and operational systems keeping stores, clinics, and distribution centers running across three countries.