Pet products and services giant Petco disclosed a data breach on Wednesday in a filing with California’s attorney general, which the company says involves the personal information of its customers.

The state published a sample of the notification letter that Petco is sending to customers affected by the breach. In the letter, Petco said that it identified “a setting within one of our software applications that inadvertently allowed certain files to be accessible online,” adding that the company discovered the issue on its own, and “immediately took steps to correct the issue and to remove the files from further online access.”

The letter, however, does not specify what type of customers’ personal information was exposed during the security lapse.

Petco spokesperson Ventura Olvera told TechCrunch that the company had “provided further information to individuals whose information was involved.” 

Olvera did not respond to a series of follow-up questions, including how many customers were affected by the incident, and what type of personal data was exposed.

California law requires that companies disclose data breaches involving 500 or more state residents, suggesting at least 500 Petco customers in California are affected. Petco has also notified an unspecified number of people in Massachusetts, and three people in the state of Montana, according to the state’s website.

The company said it is also offering free credit and identity theft monitoring services to the victims. Under California law, companies are required to provide resources to credit monitoring firms if a person’s driver’s license number or Social Security numbers are compromised.

In the letter, Petco said it “corrected the application’s settings after discovering the error,” and that it has implemented some unspecified “additional security measures and technical controls to enhance the security of our applications.”