• PayPal disclosed a data breach affecting personal info of ~100 customers. • Breach caused by coding error in PayPal Working Capital loan application. • Exposed data included names, emails, DOB, phone, business address, SSNs. • Exposure lasted nearly six months, from July 1 to Dec 13, 2025. • Unauthorized transactions occurred; PayPal refunded affected customers and reset passwords. • PayPal claims systems were not compromised, but notification contradicts that statement.
Article Summaries:
- PayPal disclosed a data breach that exposed personal information for a small number of customers from July 1 to December 13, 2025. The incident stemmed from a coding error in the PayPal Working Capital loan application, which was later rolled back and passwords reset. Exposed data included names, email addresses, dates of birth, phone numbers, business addresses and SSNs. Affected users experienced unauthorized transactions; PayPal issued refunds and notified roughly 100 customers. While the company claims its systems were not compromised, it also stated it terminated unauthorized access after detection. SecurityWeek has requested further clarification.
Sources: