PayPal has acknowledged a security breach impacting users of its PayPal Working Capital loan service, with unauthorized access persisting for around six months.

Following the announcement, it was reported that unauthorized parties had gained access to certain PPWC accounts from July 1, 2025, until December 12, 2025. PayPal has informed approximately one hundred affected customers and taken steps such as resetting passwords and offering refunds for any unauthorized transactions.

Six months of unauthorized access

Based on breach notification letters issued on February 10, 2026, the initial breach occurred in July 2025 due to a coding flaw within the loan application system. The exact nature and evolution of the vulnerability were not disclosed by PayPal.

The personal data at risk included complete names, email addresses, phone numbers, business addresses, Social Security numbers, and dates of birth. This information poses significant risks, especially as identity theft could result from such details being compromised.

PayPal has taken actions to terminate the attacker’s access and prevent further unauthorized data breaches. Affected users are entitled to two years of complimentary credit monitoring and identity restoration services provided by Equifax.

Context and previous incidents

This event follows other security lapses; in 2023, around 34,942 accounts were compromised through a credential stuffing attack. Additionally, in December 2025, threats involved abusing PayPal’s subscription system to send phishing emails.

PayPal maintains that it continuously monitors for suspicious activities and implements measures like restricting risky accounts and declining high-risk transactions proactively.

Despite the limited number of affected customers, the sensitive nature of the data involved increases the potential risks faced by those impacted. Users are advised to maintain strong security practices, such as using distinct credentials across services and vigilantly monitoring account activity.