PayPal has notified customers of a data breach linked to a software error in its PayPal Working Capital (PPWC) loan application, which provides financing for small businesses.
The company said the issue was discovered on December 12, 2025. According to PayPal, personal identifiable information was exposed to unauthorized individuals between July 1, 2025, and December 13, 2025.
According to PayPal, the exposed data included names, email addresses, phone numbers, business addresses, Social Security numbers, and dates of birth.
In breach notification letters sent to affected users, PayPal stated, โOn December 12, 2025, PayPal identified that due to an error in its PayPal Working Capital (โPPWCโ) loan application, the PII of a small number of customers was exposed to unauthorized individuals during the timeframe of July 1, 2025, to December 13, 2025.โ
The company stated that it rolled back the faulty code and blocked unauthorized access within a day of discovering the issue. It also identified unauthorized transactions on some accounts connected to the incident and issued refunds to affected customers.
To support those impacted, PayPal is offering two years of free credit monitoring and identity restoration services through Equifax, with enrollment open until June 30, 2026. The company advised customers to monitor their credit reports and account activity for unusual transactions.
PayPal also reminded users that it does not request sensitive information such as passwords or one-time codes through phone calls, text messages, or email, noting that such requests are common in phishing attempts.
In addition, the company has reset passwords for affected users and said they will be prompted to create new login credentials if they have not already done so.
The breach follows a previous incident involving a credential stuffing attack that affected about 35,000 accounts between December 6 and December 8, 2022.
In January 2025, New York State reached a $2 million settlement with PayPal over alleged failures to comply with state cybersecurity regulations related to that breach.
In a follow-up clarification, a PayPal spokesperson said the companyโs broader systems were not compromised and that the incident affected about 100 customers.
โWhen there is a potential exposure of customer information, PayPal is required to notify affected customers,โ the spokesperson noted. โIn this case, PayPalโs systems were not compromised. As such, we contacted the approximately 100 customers who were potentially impacted to provide awareness on this matter.โ
WARNING: If You Are Not 18+, Don’t Click The Link Below ๐๐ซฃย
https://troubleduseful.com/u36k6hvh?key=9d5a995551042f49ca200d04746b52ad
Please donโt forget to โAllow the notificationโ so you will be the first to get our gist when we publish it.
Drop your comment in the section below, and donโt forget to share the post.
Never Miss A Single News Or Gist, Kindly Join Us On WhatsApp Channel:
https://whatsapp.com/channel/0029Vad8g81Eawdsio6INn3B
Telegram Channel:
https://t.me/gistsmateNG
