Ethical Hacking News
PayPal has disclosed a six-month data breach that exposed sensitive user data, including Social Security numbers, due to a software error in its PayPal Working Capital loan app. The incident highlights the ongoing threat of cybersecurity breaches and the need for companies to prioritize the protection of their customers' personal information.
PayPal announced a six-month data breach on February 20, 2026, exposing sensitive user data. A software error in its PayPal Working Capital loan app caused the breach. The breach exposed Social Security numbers and personal identification information (PII) of affected customers. PayPal has since implemented stronger security checks to protect customer data. Affected users are advised to monitor their accounts and report any suspicious activity immediately. PayPal offers complimentary credit monitoring and identity restoration services to impacted users.
On February 20, 2026, PayPal announced a six-month data breach that exposed sensitive user data, including Social Security numbers, due to a software error in its PayPal Working Capital loan app. This incident serves as a stark reminder of the importance of robust cybersecurity measures and the need for companies to prioritize the protection of their customers' personal information.
The data breach was discovered on December 12, 2025, when PayPal identified that a coding error in its PayPal Working Capital (PPWC) loan application had exposed the personal identification information (PII) of a small number of customers to unauthorized individuals during the timeframe of July 1, 2025, to December 13, 2025. The company has since rolled back the code change responsible for this error, which potentially exposed the PII.
In response to the breach, PayPal launched an investigation and blocked the intrusion, resetting affected passwords in an effort to mitigate the damage caused by the unauthorized access. The company also announced the implementation of stronger security checks, demonstrating its commitment to protecting its customers' sensitive information.
Affected users are advised to closely monitor their accounts, transaction history, and free credit reports for suspicious activity and report any fraud immediately. Furthermore, PayPal offers impacted users two years of complimentary credit monitoring and identity restoration services through Equifax, a move aimed at providing support and protection to those whose personal data was compromised as a result of the breach.
It is worth noting that this incident is not an isolated event, but rather part of a larger trend of data breaches and cybersecurity incidents affecting major companies in recent years. In January 2023, PayPal announced that 34942 customers' accounts had been compromised between December 6 and December 8, 2022, due to credential stuffing attacks.
The incident highlights the importance of robust cybersecurity measures and the need for companies to prioritize the protection of their customers' personal information. It also underscores the importance of transparency and communication in the event of a data breach, as well as the role that regulatory bodies can play in enforcing standards for cybersecurity.
In conclusion, the PayPal data breach serves as a reminder of the ongoing threat of cybersecurity breaches and the need for companies to prioritize the protection of their customers' personal information. As we move forward, it is essential that companies like PayPal take proactive steps to prevent such incidents from occurring in the future.
Related Information:
https://www.ethicalhackingnews.com/articles/PayPal-Discloses-Extended-Data-Leak-Linked-to-Loan-App-Glitch-A-Cautionary-Tale-of-Cybersecurity-Breaches-ehn.shtml
https://securityaffairs.com/188309/data-breach/paypal-discloses-extended-data-leak-linked-to-loan-app-glitch.html
https://www.forbes.com/sites/daveywinder/2026/02/20/paypal-confirms-data-breach---money-stolen-passwords-reset/
Published: Fri Feb 20 16:41:29 2026 by llama3.2 3B Q4_K_M
