Peer-to-peer lending platform **Prosper** suffered a **cyberattack in September**, exposing **17.6 million records** (per HaveIBeenPwned). The breach compromised **highly sensitive personal data**, including **email addresses, browser user agents, credit statuses, dates of birth, employment details, government-issued IDs, income levels, IP addresses, names, physical addresses, and Social Security numbers**. While **customer accounts and funds remained secure**, the leak of **SSNs and financial identifiers** poses severe risks of **identity theft, fraud, and long-term reputational harm**. Prosper’s investigation remains ongoing, with no confirmed timeline for the intrusion’s start or full scope. The company has pledged **free credit monitoring** for victims and is cooperating with law enforcement. Given Prosper’s role in facilitating **$28 billion+ in loans**, the breach undermines trust in its **data security practices**, though operational disruptions were avoided. If validated, this would rank among **2024’s largest financial-sector breaches**, though it falls short of historic incidents like Yahoo (3B) or JPMorgan Chase (83M).
Source: https://www.theregister.com/2025/10/17/prosper_breach/
TPRM report: https://www.rankiteo.com/company/prosper-marketplace
"id": "pro2693526101725",
"linkid": "prosper-marketplace",
"type": "Cyber Attack",
"date": "6/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Up to 17.6 million '
'(unconfirmed; under '
'investigation)',
'industry': 'Financial Services (Fintech)',
'location': 'San Francisco, California, USA',
'name': 'Prosper Marketplace, Inc.',
'size': 'Founded in 2005; facilitated $28B+ in loans',
'type': 'Peer-to-Peer Lending Platform'}],
'customer_advisories': 'Free credit monitoring to be offered '
'post-investigation',
'data_breach': {'data_exfiltration': 'Likely (data posted on HIBP)',
'number_of_records_exposed': 'Up to 17.6 million '
'(unconfirmed; HIBP claim)',
'personally_identifiable_information': ['Names',
'Email addresses',
'Physical addresses',
'Dates of birth',
'Social Security '
'numbers',
'Government-issued '
'IDs',
'IP addresses',
'Employment statuses',
'Income levels',
'Credit status',
'Browser user agent '
'details'],
'sensitivity_of_data': 'High (includes SSNs, government IDs, '
'financial/employment details)',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Proprietary/Confidential '
'Information']},
'date_publicly_disclosed': '2023-09',
'date_resolved': '2023-09-02',
'description': 'A cyberattack on Prosper, a peer-to-peer lending platform, '
'resulted in the exposure of sensitive personal and '
'proprietary data of up to 17.6 million individuals, according '
'to HaveIBeenPwned (HIBP). The breach included email '
'addresses, browser user agent details, credit status, dates '
'of birth, employment statuses, government-issued IDs, income '
'levels, IP addresses, names, physical addresses, and Social '
'Security numbers. Customer accounts and funds were reportedly '
'unaffected, and platform operations remained uninterrupted. '
'Prosper confirmed unauthorized access was contained by '
'September 2, 2023, but the investigation into the full scope '
'and timeline of the intrusion is ongoing. Affected '
'individuals will be offered free credit monitoring services '
'once the data verification process is complete.',
'impact': {'brand_reputation_impact': 'Potential reputational damage (scale: '
'up to 17.6 million affected '
'individuals)',
'data_compromised': ['Email addresses',
'Browser user agent details',
'Credit status information',
'Dates of birth',
'Employment statuses',
'Government-issued IDs',
'Income levels',
'IP addresses',
'Names',
'Physical addresses',
'Social Security numbers'],
'downtime': 'None (customer-facing operations unaffected)',
'identity_theft_risk': 'High (due to exposure of PII, including '
'SSNs)',
'operational_impact': 'None reported',
'payment_information_risk': 'None (customer accounts and funds '
'reported safe)'},
'investigation_status': 'Ongoing (early stages; data verification in '
'progress)',
'post_incident_analysis': {'corrective_actions': ['Improving security '
'controls (unspecified)',
'Credit monitoring for '
'affected individuals']},
'recommendations': ['Enhance security controls to prevent future incidents',
'Expedite investigation to confirm scope and notify '
'affected individuals',
'Provide transparent updates to maintain customer trust'],
'references': [{'source': 'The Register'},
{'source': 'HaveIBeenPwned (HIBP)'},
{'source': 'Prosper FAQ Page (Incident Response)'}],
'regulatory_compliance': {'regulatory_notifications': 'Likely (standard US '
'data breach '
'notification '
'protocols)'},
'response': {'communication_strategy': ['Dedicated FAQ page for the attack',
'Commitment to share updates as '
'investigation progresses'],
'containment_measures': 'Unauthorized access contained by '
'2023-09-02',
'incident_response_plan_activated': 'Yes (immediately upon '
'detection)',
'law_enforcement_notified': 'Yes (committed to full compliance)',
'remediation_measures': ['Improving security controls',
'Offering free credit monitoring to '
'affected individuals']},
'stakeholder_advisories': 'Limited (FAQ page; no detailed public statements '
'beyond containment confirmation)',
'title': 'Prosper Peer-to-Peer Lending Platform Data Breach (September 2023)',
'type': ['Data Breach', 'Unauthorized Access']}