PayPal Working Capital Security Lapse Exposes Data of 100 Users

Core Insights - PayPal notified approximately 100 customers of PayPal Working Capital (PPWC) that their personally identifiable information (PII) was exposed to unauthorized individuals over a five-month period due to an error in its loan application process [1][2][3] Data Breach Details - The error was identified on December 12, and the exposure of PII occurred from July 1 to December 13 [2] - The exposed customer PII included business contact information such as name, email address, phone number, business address, Social Security number, and date of birth [7] Company Response - Upon discovering the cybersecurity incident, the company rolled back the code change responsible for the error, terminated unauthorized access, reset affected account passwords, and implemented enhanced security controls [7] - A few customers experienced unauthorized transactions, and PayPal issued refunds to those affected [8] Previous Incidents - In January 2025, PayPal agreed to pay a $2 million penalty to New York state to settle allegations of cybersecurity failures that led to a data breach [8] - New York alleged that PayPal violated the state's Cybersecurity Regulation by not using qualified personnel for cybersecurity management and failing to provide adequate training on cybersecurity risks [9]