PayPal is notifying customers of a data breach involving its Working Capital loan application software. A software error exposed sensitive personal information for nearly six months between July 1, 2025, and December 13, 2025.
The compromised data includes Social Security numbers, dates of birth, names, and contact information. Approximately 100 customers were impacted by the incident.
PayPal discovered the vulnerability on December 12, 2025, and implemented a fix the following day. The company identified unauthorized transactions on a small number of affected accounts and has issued full refunds.
Impacted users will receive two years of complimentary credit monitoring services.