PayPal, on February 21, 2026, confirmed that its loan app glitch caused a data breach. PayPal user data was exposed for 6 months, including social security numbers, to unknown attackers. Users reported unauthorized transactions and password resets during this period.
To ensure safety, PayPal started sending emails to the affected users. The current reports suggest that 100 users’ data, including name, password, date of birth, and social security numbers, were exposed.
PayPal confirmed that the system was not cashed. Yet users should change passwords and report any unauthorized transactions.
For every PayPal user, it is necessary to read this article to learn everything about the data breach incident, limitations, risks, what data was exposed, and PayPal’s response.
Other People Are Reading: Take Steps to Protect Yourself from Online Scams
PayPal Data Breach:
The PayPal Data Breach started on July 1, 2025. It was reported on December 12, 2025.
During the period of these 6 months, a coding error in the PayPal Working Capital (PPWC) loan application allowed an attacker to access individuals’ data without authorization.
PayPal sent customers notifications about the data breach and asked them to change their passwords.
PayPal reported that:
- 100 customers’ data was compromised.
- An internal software defect caused a data breach.
- PayPal rolled back the code responsible for the breach.
- Affected users faced unauthorized transactions and password resets.
Timeline of PayPal Working Capital Data Breach:
Here is the complete breakdown of the PayPal Working Capital loan application data breach.
- July 1, 2025: PPWC introduced a code change.
- July-December 2025: Sensitive data opened for unauthorized individuals
- December 12, 2025: PayPal detected the issue.
- December 13, 2025: PayPal rolled back the code and terminated unauthorized access.
- February 2026: PayPal issued data breach notification letters.
The 6-months risk window was enough for the attacker to steal user credentials and get unauthorized access.
The huge dwell time raises concerns within the cybersecurity organizations. Longer unauthorized access means a higher risk of exploitation.
What is PayPal Working Capital (PPWC):
You already know that PayPal is the world’s leading financial technology platform for sending and receiving money.
PayPal Working Capital (PPWC) is the financing body of PayPal. It provides short-term funding to small businesses based on their PayPal history.
Features of PPWC:
- Loan repaid automatically from future transactions.
- Only available for qualifying merchants.
- Only available in limited regions.
Due to loan processing, PPWC requires user data like financial records, social security numbers, name, address, passwords, etc. This increases the risk of malicious attacks.
Information Exposed During PayPal Data Breach:
The PayPal Data Breach led to the high-risk personal identifiable information, such as:
- Name
- Email Address
- Date of Birth
- Business Address
- Phone Number
- SSN
Why This Data Combination is Dangerous:
PayPal user data includes some details that can derail the whole financial life of a person.
SSNs and date of birth give attackers the potential to:
- Open fraud accounts
- False tax returns
- Apply for loans
- Synthetic identity frauds
- Phishing attacks
Small business owners’ business details were also exposed. This increased the risk of payment diversion, invoice manipulation, and business email compromise.
PayPal Breach Caused Potential Risks:
PPWC data breach triggered the risk of multiple financial and identity theft risks.
Identity Theft:
Identity theft is one of the most common risks to cybersecurity. SSNs and DOB data exposed to attackers can be used to create fake accounts.
Synthetic Identity Fraud:
Stealers can use SSNs to fabricate details and create fake credit card profiles.
Account Takeover:
With the exposed data, attackers can try to overtake the accounts, change password and make unauthorized transactions.
Phishing:
Attackers can use the breach data to create phishing and social engineering attacks.
Loan and Credit Abuse:
Breached data can be used to access irrelevant business lending from PPWC.
How PayPal Responded to a Data Breach:
PayPal System Not Compromised:
PayPal assured that the data breach only affected PayPal Working Capital (PPWC). The PayPal system was intact. The company terminated the code responsible for unauthorized access.
PPWC data breach was not a traditional data breach. Only a code caused this issue, which was later rolled back.
PayPal has taken the Following Actions:
- Terminated unauthorized access.
- Rolled back the code responsible for the data breach.
- Launched an internal investigation.
- Asked users to reset passwords
- Implemented advanced security controls.
- Refunded unauthorized transactions.
- Offered two years of credit monitoring to users.
PayPal’s Credit Monitoring and Identity Protection:
PayPal is offering affected users two years of credit monitoring through Equifax.
It also included three-bureau credit monitoring, identity restoration, and up to $1,000,000 identify theft insurance.
What Data Breach Affected Users Should Do:
PayPal is sending affected users notifications about the data breach and actions to take to protect users.
- Change Password: You must change your password. Do not use the old password.
- Enable Multi Factor Authentication: Enable 2 way or multi-factor authentication. Link your account with PayPal and your phone number to get notifications every time you login to PayPal.
- Monitor Financial Activity: Review your PayPal transaction history. Check linked accounts and your bank balance.
- Review Credit Report: Review your credit report via Equifax, Experian, and TransUnion.
- Fraud Alert or Credit Freeze: Implement a credit freeze and fraud alert.
- Protect against Phishing Attacks: PayPal does not ask for your password, one-time authentication codes and full credentials.
What Small Businesses Can Do:
Small businesses were exposed to attackers during this PwC data breach.
To protect your small business, you can do the following:
- Separate personal and business credentials.
- Use hardware security keys.
- Implement DMARC, SPF, and DKIM email authentication protocols.
- Conduct access audits.
- Limit the financial transfers.
- Train yourself against phishing attacks.
History of PayPal Security Breaches:
In 2022, PayPal reported that data of 34,942 accounts were compromised.
Attackers reused passwords to take over PayPal user accounts. Even at that time, PayPal did not claim the system breach.
Conclusion:
The PayPal Working Capital (PPWC) data breach is an example of how a simple code can lead to cybersecurity threats. Attackers do not need to perform traditional attacks to exploit the system if software errors are present.
The exposure of 100 customers’ SSNs and DOBs can lead to identity theft and phishing attacks.
Cybersecurity is not just about protecting against traditional attacks. It is about using clean code and tested security measures.
Other people are reading:

.jpg)














