PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers, for nearly 6 months last year.

Hacker News is a community-driven platform for sharing and discussing technology news, startups, and programming-related topics. Through user submissions and comments, Hacker News offers insights into emerging technology trends, industry developments, and entrepreneurial ventures. Readers can participate in discussions, share their insights, and stay informed about the latest advancements in technology and innovation.

Hacker News

PayPal is notifying customers of a data breach caused by a software error in its PayPal Working Capital (PPWC) loan application. The bug exposed sensitive personal information — including names, email addresses, phone numbers, business addresses, Social Security numbers, and dates of birth — for nearly six months, from July 1 to December 13, 2025. PayPal discovered the breach on December 12, 2025, and reversed the responsible code change the following day. A small number of affected accounts also saw unauthorized transactions, for which refunds have been issued. Affected users are being offered two years of free three-bureau credit monitoring through Equifax. PayPal has reset passwords for all impacted accounts. The company has not yet disclosed the total number of affected customers.

PayPal discloses data breach that exposed user info for 6 months