PayPal Discloses Data Breach That Exposed User Info For 6 Months

Source: Slashdot

Overview

PayPal is notifying customers of a data breach after a software error in its PayPal Working Capital (PPWC) loan application exposed sensitive personal information, including Social Security numbers, for nearly six months last year.

Details of the Breach

• Affected service: PayPal Working Capital (PPWC) loan app, which provides small businesses with quick access to financing.
• Discovery date: December 12 2025.
• Exposure period: July 1 2025 – December 13 2025.
• Compromised data: Customers’ names, email addresses, phone numbers, business addresses, Social Security numbers, and dates of birth.

The breach was reported by BleepingComputer: PayPal discloses data breach exposing users’ personal information.

PayPal’s Response

• The erroneous code change was rolled back, blocking attackers’ access to the data one day after the breach was discovered.
• PayPal stated that the notification was not delayed due to any law‑enforcement investigation.
• Affected users received breach notification letters detailing the incident and the steps taken.