PayPal's 'bad code' leads to unauthorized payments

Core Insights - PayPal experienced a data breach due to a coding error in its PayPal Working Capital system, exposing personally identifiable information of some customers from July 1 to December 13 [2][5] - The breach has led to unauthorized transactions for a few customers, prompting PayPal to issue refunds and offer two years of free credit monitoring [4][7] - The incident highlights the increasing targeting of lenders and lending platforms for sensitive data, emphasizing the need for enhanced security measures [3][6] Company Response - PayPal has implemented advanced security controls and reset passwords for affected customers, requiring them to change their passwords upon next login [4] - The company’s response aligns with standard industry practices, but experts warn that identity fraud risks may persist long after the breach [6] Industry Context - The breach is particularly concerning as it occurs during a period when PayPal is trying to recover from an earnings slump, indicating potential reputational and financial risks [7] - PayPal Working Capital focuses on providing loans to small businesses, especially in areas where traditional banks have reduced their presence, which may increase the sensitivity of the data involved [5]