PayPal has notified customers that a software error in its PayPal Working Capital (PPWC) loan application exposed sensitive personal information—including names, email addresses, phone numbers, business addresses, Social Security numbers, and dates of birth—between July 1, 2025 and December 13, 2025. PayPal says it rolled back the code change that caused the exposure, reset impacted passwords, issued refunds for unauthorized transactions to a small number of customers, and is offering two years of Equifax credit monitoring and identity restoration. #PayPal #PPWC
Keypoints
- A software error in the PayPal Working Capital (PPWC) loan app exposed customer PII for nearly six months.
- Exposed data included names, email addresses, phone numbers, business addresses, Social Security numbers, and dates of birth.
- PayPal discovered the issue on December 12, 2025, and rolled back the code change the next day.
- The company reported unauthorized transactions for a small number of customers, issued refunds, and is offering two years of three-bureau Equifax credit monitoring.
- PayPal stated its systems were not breached, about 100 customers were potentially impacted, and the incident follows prior breaches and a New York settlement.