PayPal has confirmed a data breach specifically involving the PayPal Working Capital (PPWC) loan application. The incident, which was disclosed in February 2026, was caused by a software coding error rather than a direct hack of PayPal’s core infrastructure.
Incident Details
Duration: The vulnerability existed for nearly six months, from July 1, 2025, to December 13, 2025.
Discovery: PayPal identified the issue on December 12, 2025, and rolled back the faulty code within 24 hours.
Impact: Approximately 100 customers were affected. While the number of users is small, the data exposed was highly sensitive.
What Data Was Exposed?
The breach exposed a combination of business and personal information, including:
Full names and business addresses
Email addresses and phone numbers
Social Security numbers (SSNs)
Dates of birth
Also Read : Xfinity Remote Control Not Working
What Action Has PayPal Taken?
Unauthorized Transactions: A few affected accounts saw fraudulent activity. PayPal has confirmed that these victims have been fully refunded.
Security Resets: PayPal has forced password resets for all impacted accounts.
Support Services: Affected users are being offered two years of free credit monitoring and identity restoration services through Equifax.
Next Steps for You
If you use PayPal Working Capital, you should check your email for an official breach notification letter from PayPal (sent around February 10, 2026). Even if you haven’t received a notice, it is a good idea to:
Change your PayPal password if you haven’t recently.
Enable Two-Factor Authentication (2FA) to add an extra layer of security.
Monitor your credit reports for any unusual activity, as SSNs were part of the exposure.
Be the first to comment