PayPal notifies customers of data breach that exposed SSNs and more for nearly 6 months


PayPal has started notifying business customers of a data breach that exposed personal information, including Social Security numbers, for six months in 2025. The breach lasted from July 1 through December 12, 2025.

Specifically, it affected users of the PayPal Working Capital (PPWC) loan app that provides small businesses with loans. Apparently, there was a software error in the loan application.

PayPal said in its breach notification letter that it discovered the breach on December 12 and immediately reversed the code that caused it, blocking bad actors' access the following day. According to the payment company, the breach exposed customers' names, email addresses, phone numbers, SSNs, and dates of birth.

"On December 12, 2025, PayPal identified that due to an error in its PayPal Working Capital ("PPWC") loan application, the PII of a small number of customers was exposed to unauthorized individuals during the timeframe of July 1, 2025, to December 13, 2025," the letter says.

PayPal told Bleeping Computer that only 100 customers were affected, even as it detected unauthorized transactions resulting directly from the breach. The company reset passwords for impacted accounts.

Third breach in the same six-month window


While this data breach was small in the number of impacted individuals, it was part of a six-month trend of breaches suffered by PayPal in 2025.

In August of last year, a dataset surfaced that allegedly contained nearly 16 million stolen PayPal credentials, including login emails and passwords. PayPal denied that the breach was new and said the exposed information was from a "security incident" in 2022. The company was ordered to pay a $2 million fine by the New York State Department related to the 2022 incident.

The dataset was leaked by cybercriminals on dark web forums in early August, and security researchers noted that much of the information may have already been exploited, lending credence to its age.

In September, we reported on a new phishing scam meant to steal funds and take over PayPal accounts. The scam sent emails to PayPal account holders, attempting to get them to input their information using malicious links. At the time, it appeared that the scam had been active for over a month.

How to stay safe


Again, this breach was allegedly very small in raw numbers. However, it's still a good reminder that we need to practice strong security hygiene.

For those who do find themselves impacted, PayPal is offering complimentary credit monitoring services via Equifax. With SSNs and other identifying information exposed, it's a good idea to invest in one of the best identity theft protection services. These services will alert you if your data appears online, help recover funds lost to fraud and walk you through restoring accounts and credit.

They do work best if you enroll before a breach, but it can't hurt to do so after one occurs.

Bad actors might use your data to gain access to more accounts and funds. Be sure to double-check any emails, especially those from PayPal. Do not click on any links in suspicious emails and instead go to the source.

Additionally, make sure that you enable two-factor authentication (2FA) to add an extra layer of security for your online accounts to prevent scammers from accessing them.

Finally, you want to protect your devices from the latest cyber threats by making sure you have one of the best antivirus programs installed and up-to-date on your computer. You also want to make sure that you're familiar with all of its features that can help you stay safe online, like a VPN or a hardened browser.



Scott Younker
West Coast Reporter

Scott Younker is the West Coast Reporter at Tom’s Guide. He covers all the latest tech news. He’s been involved in tech since 2011 at various outlets and is on an ongoing hunt to build the easiest to use home media system. When not writing about the latest devices, you are more than welcome to discuss board games or disc golf with him. He also handles all the Connections coverage on Tom's Guide and has been playing the addictive NYT game since it released.
