PayPal confirms data breach — user info may have been exposed for 6 months, here's what we know so far

• PayPal bug in loan app exposed sensitive customer data for five months
• Some accounts saw unauthorized transactions; victims reimbursed and passwords reset
• PayPal offers two years of free credit monitoring via Equifa

An error in coding of a PayPal app left some customers’ data exposed and even resulted in a few fraudulent transactions, the ecommerce company has confirmed.

PayPal recently notified a subset of its customers that it identified a bug in its PayPal Working Capital (PPWC) loan application, which works as a business financing product, giving eligible businesses a cash advance, based on their PayPal sales history.

Discovered on December 12, 2025, the bug was leaking sensitive data for more than five months, between July 1, 2025, and December 13, 2025, including user names, email addresses, phone numbers, business addresses, Social Security numbers (SSN), and dates of birth.