• PayPal disclosed a data breach affecting PPWC loan app, exposing sensitive info for 6 months. • Breach spanned July 1 to December 13, 2025, revealing names, emails, phone, business addresses, SSNs, DOB. • Error due to software change; PayPal rolled back code and blocked attackers within a day of detection. • Unauthorized transactions detected; refunds issued to affected customers. • PayPal offers two years free credit monitoring via Equifax; enrollment deadline June 30, 2026. • Users urged to monitor credit reports, account activity, and avoid phishing scams.
Article Summaries:
- PayPal announced that a software error in its PayPal Working Capital loan application exposed sensitive personal data-including names, emails, phone numbers, business addresses, Social Security numbers, and dates of birth-of roughly 100 customers from July 1 to December 13, 2025. The company discovered the issue on December 12, 2025, rolled back the faulty code the next day, and blocked further access. PayPal identified unauthorized transactions on a few accounts and issued refunds. Affected users receive two years of free credit‑monitoring and identity‑restoration services via Equifax, with enrollment required by June 30, 2026. The breach was caused by a code error, not a system compromise.
Sources: