Prosper Marketplace, a peer-to-peer lending fintech platform, suffered a major data breach exposing **17.6 million unique email addresses** and sensitive personal information of customers and prospective customers. The compromised data included **names, dates of birth, physical/email addresses, Social Security numbers, credit status, employment details, and income information**. While the company claims no unauthorized access to customer accounts or funds, the breach involved **unauthorized database queries** targeting proprietary and personal data. The incident was detected in mid-September, with the attack blocked by **September 2**, though the initial intrusion timeline remains undisclosed. Prosper, valued at nearly **$20 billion** after a $350 million funding round in April, has since enhanced security controls, including **robust monitoring and alerting systems**. The breach notification service *Have I Been Pwned* confirmed **2.8 million previously unexposed email addresses** among the leaked data, highlighting the severity of the exposure.
Source: https://www.bankinfosecurity.com/prosper-market-data-breach-affects-176m-individuals-a-29755
TPRM report: https://www.rankiteo.com/company/prosper-marketplace
"id": "pro4595545101725",
"linkid": "prosper-marketplace",
"type": "Breach",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '17.6 million individuals '
'(customers and prospective '
'customers)',
'industry': 'Finance & Banking',
'location': 'San Francisco, California, USA',
'name': 'Prosper Marketplace',
'size': 'Large (2.3M+ customers, $29B in originated '
'loans)',
'type': 'Fintech (Peer-to-Peer Lending Platform)'}],
'customer_advisories': 'Encouraged to monitor accounts and credit reports; no '
'evidence of unauthorized access to funds',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '17,600,000',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes SSNs, financial, and '
'employment details)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data (credit status, '
'income)',
'Employment Data']},
'date_detected': '2024-09-01T00:00:00Z',
'date_publicly_disclosed': '2024-09-17',
'description': 'Hackers stole personal information pertaining to more than 17 '
'million individuals from peer-to-peer lending marketplace '
'Prosper. Exposed data included names, dates of birth, contact '
'information (physical and email addresses), Social Security '
'numbers, credit status, employment, and income details. The '
'breach was detected in mid-September 2024, with the attack '
'blocked by September 2. Prosper is investigating and '
'implementing additional security controls, including robust '
'monitoring and alerting. No unauthorized access to customer '
'accounts or funds was reported, and operations remain '
'uninterrupted.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive personal data',
'data_compromised': ['Names',
'Dates of Birth',
'Physical Addresses',
'Email Addresses (17.6M unique, 2.8M newly '
'exposed)',
'Social Security Numbers',
'Credit Status',
'Employment Details',
'Income Details'],
'identity_theft_risk': 'High (due to exposure of SSNs and PII)',
'operational_impact': 'None (customer-facing operations '
'uninterrupted)',
'systems_affected': ['Company databases storing customer and '
'applicant data']},
'initial_access_broker': {'high_value_targets': ['Customer databases']},
'investigation_status': 'Ongoing (as of 2024-09-17)',
'post_incident_analysis': {'corrective_actions': ['Enhanced monitoring and '
'security alerting']},
'ransomware': {'data_exfiltration': True},
'references': [{'source': 'Information Media Group (IMG)'},
{'source': 'Have I Been Pwned (Troy Hunt)',
'url': 'https://haveibeenpwned.com'},
{'source': 'Prosper Marketplace Breach Notification '
'(2024-09-17)'}],
'response': {'communication_strategy': ['Breach notification published on '
'2024-09-17, ongoing updates to '
'customers'],
'containment_measures': ['Attack blocked by 2024-09-02'],
'enhanced_monitoring': ['More robust monitoring and security '
'alerting'],
'incident_response_plan_activated': True,
'recovery_measures': ['Implementation of additional security '
'controls and safeguards']},
'stakeholder_advisories': 'Customers and prospective customers notified via '
'breach notification',
'title': 'Prosper Market Data Breach Affects 17.6M Individuals',
'type': ['Data Breach', 'Unauthorized Data Access']}