PayPal Warns Of Exposed Social Security Numbers In 6-Month Data Breach

PayPal just disclosed a data breach that exposed sensitive user information, including Social Security numbers. From July 1st, 2025 to December 12th, 2025, a software glitch in PayPal Working Capital (PPWC) loan applications allowed attackers to gain access to personal user information. While PayPal has since acknowledged and fixed the error, and has undone unauthorized PayPal transactions linked to it, the damage done to affected users is permanent, since that information is now in the hands of cyber criminals who will distribute it and attempt to use it ad nauseam. It's a pretty bad look for PayPal, though the backlash has been somewhat subdued so far.

An excerpt from the PayPal Breach Notification letter uploaded to DocumentCloud by BleepingComputer.

The limited backlash may be due to the narrow scope of users impacted by the problem. PPWC loans are only of interest to a small minority of PayPal users, and official estimates of users impacted place the number at "approximately 100 users". ChargeFlow estimates PayPal has a total of 434 million active users, for reference. This would be a far more explosive (and frightening) story if it were a full-blown data breach, but thankfully the impact was limited to this specific type of loan application. It's still bad news for those users, though, and with fraud utilizing the stolen information already documented, it's a profound failure on PayPal's part.

Due to the breach, PayPal is now offering two free years of Equifax credit monitoring and identity restoration services to impacted users. Those services will hopefully offset the risk of fraud and identity theft for the impacted users. This story, spotted by BleepingComputer, follows reports of larger-scale data breaches that occurred in late 2022 and early 2023 and culminated in PayPal shelling out $2 million to New York State. Sadly, this isn't the first time that a major corporation has failed to protect user information, and it certainly won't be the last. Readers are advised to stay diligent in their use of digital platforms, especially those requiring any degree of personal information.

Image Credit: PayPal, BleepingComputer
Chris Harper

Christopher Harper is a tech writer with over a decade of experience writing how-tos and news. Off work, he stays sharp with gym time & stylish action games.