Global payments giant PayPal has disclosed a data exposure incident affecting a portion of its customers after a coding flaw in one of its business financing tools left sensitive information accessible for months.
According to TechRadar, the vulnerability was discovered in PayPal’s Working Capital (PPWC) loan application — a product that provides eligible businesses with cash advances based on their PayPal sales history.
Five-Month Exposure Window
TechRadar reported that the issue was identified on December 12, 2025, but had allegedly been present since July 1, potentially exposing customer data for more than five months.
The flaw may have exposed personally identifiable information (PII), including:
- Names
- Email addresses
- Phone numbers
- Business addresses
- Social Security numbers
- Dates of birth
Cybersecurity experts warn that such combinations of data significantly heighten the risk of identity theft, fraud and highly targeted phishing attacks if exploited by malicious actors.
Unauthorised Account Activity Detected
In notifications sent to affected users, PayPal acknowledged that a small number of customers experienced unauthorised activity on their accounts during the exposure period.
While the company did not disclose the exact number of impacted users, it confirmed that access tied to the coding flaw has since been shut down. Affected customers were reimbursed, passwords reset, and the problematic code change reversed.
Customers Urged to Remain Vigilant
PayPal has advised customers to exercise caution, particularly regarding unsolicited emails, suspicious links, and unexpected attachments. Fraudsters often exploit breach-related anxiety to launch phishing campaigns targeting concerned users.
The full scope of the incident — including the total number of affected accounts — has not yet been publicly disclosed.
About PayPal
Founded in the United States, PayPal is one of the world’s largest digital payments platforms. The fintech company enables individuals and businesses to send, receive and manage money electronically across borders.
As an online intermediary, PayPal allows users to complete transactions without directly sharing bank or card details with merchants, making it widely used in e-commerce, freelancing and international money transfers.
