PayPal Customer Data Exposed for Six Months in Breach

PayPal has disclosed a data breach that exposed some of its customers’ personal information and led to fraudulent transactions. 

The company said it happed due to an error in its PayPal Working Capital (“PPWC”) loan application, an offering that gives businesses a cash advance based on their PayPal sales history.

Between 1 July and 13 December 2025, the PII of a small number of customers was exposed to bad actors. PayPal added that it has since rolled back the code change responsible for this error.

Types of data exposed include, full names, email addresses, phone numbers, mailing addresses, dates of birth, and SSNs. PayPal insisted that no financial account information, login credentials, passwords, and credit card or bank account numbers were accessed or exposed.

“Upon learning about this unauthorized activity, we began an investigation and terminated the unauthorized access to PayPal’s systems. We reset the passwords of the affected ...