The Business & Technology Network
Helping Business Interpret and Use Technology
Home
Newswire > PayPal Working Capital Security Lapse Exposes Data of 100 Users
PayPal Working Capital Security Lapse Exposes Data of 100 Users
«  

February

  »
S M T W T F S
1
 
2
 
3
 
4
 
5
 
6
 
7
 
8
 
9
 
10
 
11
 
12
 
13
 
14
 
15
 
16
 
17
 
18
 
19
 
20
 
21
 
22
 
23
 
24
 
25
 
26
 
27
 
28
 

PayPal Working Capital Security Lapse Exposes Data of 100 Users

Tags: new social
DATE POSTED:February 23, 2026
PYMNTS.com
Original article

PayPal notified about 100 customers of PayPal Working Capital (PPWC) that their personally identifiable information (PII) was exposed to unauthorized individuals over a five-month period due to an error in its PPWC loan application.

The company identified the error on Dec. 12 and learned that the PII was exposed from July 1 to Dec. 13 it said in a Feb. 10 notice of data breach sent to customers in Massachusetts.

“We have not delayed this notification as a result of any law enforcement investigation,” PayPal said in the notice.

Reached by PYMNTS, a PayPal spokesperson said in an emailed statement that the company notified about 100 customers.

“When there is a potential exposure of customer information, PayPal is required to notify affected customers,” the statement said. “In this case, PayPal’s systems were not compromised. As such, we contacted the approximately 100 customers who were potentially impacted to provide awareness on this matter.”

According to the notice of data breach, the customer PII that may have been exposed in the incident included business contact information such as name, email address, phone number and business address, as well as the customer’s Social Security number and data of birth.

When PayPal discovered the cybersecurity incident, the company rolled back the code change that was responsible for the error, the notice said. It also terminated unauthorized access to PayPal’s systems, reset the passwords of the affected accounts, and implemented enhanced security controls, per the notice.

“A few customers experienced unauthorized transactions on their account and PayPal has issued refunds to those customers,” the company said in the notice.

In an earlier, separate incident, PayPal agreed in January 2025 to pay a $2 million penalty to New York state to settle the state’s allegations that the company had cybersecurity failures that led to a data breach.

New York alleged that PayPal violated the state’s Cybersecurity Regulation by failing to use qualified personnel to manage cybersecurity and by failing to provide adequate training around cybersecurity risks, the New York State Department of Financial Services said at the time in a press release.

A PayPal spokesperson said at the time in an emailed statement: “After self-reporting and disclosing this issue, we worked closely with the New York Department of Financial Services to resolve this matter, which occurred in December 2022.”

The post PayPal Working Capital Security Lapse Exposes Data of 100 Users appeared first on PYMNTS.com.

PYMNTS.com
Original article
Tags: new social
Newswire > PayPal Working Capital Security Lapse Exposes Data of 100 Users

All Rights Reserved. Copyright , Central Coast Communications, Inc.