PayPal Data Breach Exposes Customer Information, Leads to Fraudulent Transactions
PayPal recently disclosed a data breach affecting a limited number of customers, exposing sensitive personal information and enabling unauthorized transactions. The incident stemmed from a coding error in the PayPal Working Capital (PPWC) loan application, which left customer data vulnerable for nearly six months from July 1 to December 13, 2025.
The exposed data included names, email addresses, dates of birth, phone numbers, business addresses, and Social Security numbers (SSNs). While PayPal stated that its systems were not compromised, the breach notification to affected users indicated that unauthorized access to its systems was detected and terminated.
A small number of customers experienced fraudulent transactions, prompting PayPal to issue refunds. The company confirmed that roughly 100 customers were impacted and notified. The vulnerability was addressed by rolling back the faulty code and resetting affected users' passwords, though exploitation occurred before the patch was applied.
PayPal’s conflicting statements claiming no system compromise while acknowledging terminated unauthorized access have prompted further inquiries from cybersecurity outlets. The incident follows recent PayPal-related threats, including phishing campaigns and malicious NPM packages targeting users.
Source: https://www.securityweek.com/paypal-data-breach-led-to-fraudulent-transactions/
PayPal TPRM report: https://www.rankiteo.com/company/paypal
"id": "pay1771967012",
"linkid": "paypal",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '100',
'industry': 'Financial Services',
'name': 'PayPal',
'type': 'Company'}],
'attack_vector': 'Coding Error',
'customer_advisories': 'Breach notification sent to affected users',
'data_breach': {'personally_identifiable_information': ['Names',
'Email addresses',
'Dates of birth',
'Phone numbers',
'Business addresses',
'Social Security '
'numbers (SSNs)'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Sensitive Personal '
'Information']},
'date_detected': '2025-12-13',
'description': 'PayPal recently disclosed a data breach affecting a limited '
'number of customers, exposing sensitive personal information '
'and enabling unauthorized transactions. The incident stemmed '
'from a coding error in the PayPal Working Capital (PPWC) loan '
'application, which left customer data vulnerable for nearly '
'six months from July 1 to December 13, 2025. The exposed data '
'included names, email addresses, dates of birth, phone '
'numbers, business addresses, and Social Security numbers '
'(SSNs). While PayPal stated that its systems were not '
'compromised, the breach notification indicated that '
'unauthorized access to its systems was detected and '
'terminated. A small number of customers experienced '
'fraudulent transactions, prompting PayPal to issue refunds.',
'impact': {'data_compromised': 'Names, email addresses, dates of birth, phone '
'numbers, business addresses, Social Security '
'numbers (SSNs)',
'financial_loss': 'Refunds issued for fraudulent transactions',
'identity_theft_risk': 'High',
'systems_affected': 'PayPal Working Capital (PPWC) loan '
'application'},
'post_incident_analysis': {'corrective_actions': 'Rollback of faulty code, '
'password resets',
'root_causes': 'Coding error in PayPal Working '
'Capital (PPWC) loan application'},
'references': [{'source': 'Cybersecurity outlets'}],
'response': {'containment_measures': 'Unauthorized access terminated, faulty '
'code rolled back, passwords reset',
'remediation_measures': 'Rollback of faulty code, password '
'resets'},
'title': 'PayPal Data Breach Exposes Customer Information, Leads to '
'Fraudulent Transactions',
'type': 'Data Breach',
'vulnerability_exploited': 'Coding error in PayPal Working Capital (PPWC) '
'loan application'}