Unauthorized Exposure of Customer PII in PayPal Loan Platform

Published Date: February 24, 2026
Category: ShadowOpsIntel
Share:

PayPal issued a data breach notification informing affected customers that a cybersecurity incident exposed certain personal information due to an application error in its PayPal Working Capital (PPWC) loan application system.

Severity: High

Incident Overview

  • Entity: PayPal.
  • Incident Type: Data exposure due to a software error.
  • Identification Date: December 12, 2025.
  • Exposure Window: July 1, 2025, to December 13, 2025.
  • Root Cause: A code change error within the PayPal Working Capital (PPWC) loan application.

Compromised Data Elements

The breach potentially involved the following data points:

  • Personal Identifiers: Full name, Social Security number (SSN), and Date of Birth.
  • Contact Information: Email address and phone number.
  • Business Data: Business address and business contact info.

Financial Impact

  • Unauthorized Transactions: A subset of affected customers experienced fraudulent account activity.
  • Remediation: PayPal has issued refunds to those impacted by these transactions.

Company Response

  • Vulnerability Remediation: The code change responsible for the PII exposure was rolled back.
  • Access Control: Unauthorized access to PayPal systems was terminated.
  • Credential Security: Passwords for affected accounts were reset, and enhanced security controls now require these users to establish new passwords.
  • Credit Monitoring: Two years of complimentary three-bureau credit monitoring and identity restoration services through Equifax.

Recommendations

  1. Use unique username and password combinations for every website and service you use to prevent “credential stuffing” attacks where leaked data is used to access other accounts.
  2. Regularly review your account information, transaction history, and free credit reports for any suspicious activity. If you detect any unauthorized transactions or suspicious activity, contact PayPal immediately.
  3. Sign up for the two years of complimentary three-bureau credit monitoring and identity restoration services provided through Equifax. You must complete your enrollment for these services by June 30, 2026.
  4. Consider placing a “fraud alert” or a “credit freeze” on credit files to prevent unauthorized credit applications.
  5. Hover over email links to verify destination URLs and ignore messages promoting manufactured urgency.
  6. Deploy Data Loss Prevention (DLP) monitoring for PII exposure events.

Source:

  • https://www.bleepingcomputer.com/news/security/paypal-discloses-data-breach-exposing-users-personal-information/
  • https://www.documentcloud.org/documents/27345193-paypal-february-2026-breach-notification/

Enjoyed reading this Threat Intelligence Advisory? Stay updated with our latest exclusive content by following us on Twitter and LinkedIn

No related posts found.

Ampcus Cyber
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

 Talk to an expert