PayPal discloses data breach that exposed user info for 6 months

PayPal Customers’ Data Exposed in Massive Loan Application Glitch: Social Security Numbers and More Leaked for 6 Months

In a shocking revelation that has sent shockwaves through the fintech industry, PayPal has confirmed a massive data breach that exposed sensitive personal information of its customers. The breach, which occurred in the PayPal Working Capital (PPWC) loan application, has left thousands of users vulnerable to identity theft and financial fraud. Here’s everything you need to know about this alarming incident.

The Breach: What Happened?

On December 12, 2025, PayPal discovered a critical software error in its PPWC loan application that exposed sensitive personal information of its customers. The breach, which lasted for nearly six months, affected a small number of users who had applied for loans through the platform. The exposed data included names, email addresses, phone numbers, business addresses, Social Security numbers, and dates of birth.

Timeline of the Incident

The breach began on July 1, 2025, and continued until December 13, 2025, when PayPal finally identified and addressed the issue. The company has since rolled back the code change responsible for the error, effectively blocking unauthorized access to the exposed data.

Impact on Customers

While PayPal has not disclosed the exact number of affected customers, the company has confirmed that a small number of users were impacted. However, the exposure of such sensitive information as Social Security numbers and dates of birth poses a significant risk to the affected individuals.

Unauthorized Transactions Detected

In addition to the data exposure, PayPal also detected unauthorized transactions on the accounts of a small number of customers as a direct result of the incident. The company has issued refunds to those affected and is taking steps to prevent further unauthorized activity.

Credit Monitoring and Identity Restoration Services

To help affected customers protect themselves from potential identity theft, PayPal is offering two years of free three-bureau credit monitoring and identity restoration services through Equifax. Customers must enroll in these services by June 30, 2026, to take advantage of this offer.

Security Measures and Recommendations

PayPal has reset passwords for all impacted accounts and is prompting users to create new credentials upon their next login. The company has also advised affected customers to monitor their credit reports and account activity for any suspicious transactions.

A History of Security Issues

This is not the first time PayPal has faced a data breach. In January 2023, the company notified customers of another breach that compromised 35,000 accounts due to a large-scale credential stuffing attack. Two years later, in January 2025, New York State announced a $2,000,000 settlement with PayPal over charges that it failed to comply with the state’s cybersecurity regulations, leading to the 2022 data breach.

PayPal’s Response

In response to the recent breach, PayPal has emphasized that its systems were not compromised and that the incident exposed the data of roughly 100 customers. The company has also reiterated its commitment to protecting customer information and is taking steps to prevent similar incidents in the future.

Conclusion

The PayPal data breach serves as a stark reminder of the importance of robust cybersecurity measures in the digital age. As more and more financial transactions move online, the risk of data breaches and identity theft continues to grow. It is crucial for companies like PayPal to prioritize the security of their customers’ information and to take swift action in the event of a breach.

Tags and Viral Phrases

• PayPal data breach
• PayPal Working Capital loan app
• Sensitive personal information exposed
• Social Security numbers leaked
• Identity theft risk
• Unauthorized transactions
• Credit monitoring services
• Cybersecurity regulations
• Credential stuffing attack
• Financial fraud
• Data protection
• Online security
• Digital transactions
• Customer information security
• Breach notification
• Equifax credit monitoring
• Identity restoration services
• PayPal security measures
• Cybersecurity best practices
• Data breach prevention

,