The Digest:
PayPal has confirmed a data breach affecting its PayPal Working Capital (PPWC) loan application, exposing personal identifiable information of approximately 100 customers between July 1 and December 13, 2025. The company discovered the issue on December 12, 2025, caused by a software error that allowed unauthorized individuals access to names, email addresses, phone numbers, business addresses, Social Security numbers, and dates of birth. PayPal stated it rolled back the faulty code and blocked unauthorized access within a day. Unauthorized transactions were identified on some accounts, with refunds issued to affected customers. The company is offering two years of free credit monitoring through Equifax, with enrollment until June 30, 2026. Passwords have been reset for affected users. A PayPal spokesperson clarified the company's broader systems were not compromised, with only about 100 customers potentially impacted.
Key Points:
- The breach exposes sensitive personal data of small business customers.
- It highlights vulnerabilities in financial technology platforms.
- Affected customers face identity theft risk, while PayPal offers monitoring.
- This signals the importance of robust cybersecurity for financial services.
- The timing, with swift remediation, aims to contain damage.
Sources: Nigerian Tribune, PayPal
