PayPal officially disclosed a significant data exposure incident involving its PayPal Working Capital (PPWC) application. In a newly circulating security incident, PayPal confirmed that sensitive customer information was exposed for nearly six months in 2025 due to a software flaw in one of its business financing tools.
The breach affected users of PayPal’s Working Capital loan application, exposing a wide range of personally identifiable information, including highly sensitive data such as Social Security numbers and dates of birth. According to PayPal, the incident originated from a coding error within the PayPal Working Capital (PPWC) loan platform.
It is recommended for users to take following steps:
PayPal’s latest disclosure adds to a growing list of high-profile data exposure incidents in the financial sector, underscoring the risks associated with digital financial services in an increasingly digital economy. The incident highlights ongoing challenges in the wake of rising security threats. The prolonged duration of these security challenges-nearly half a year-raises questions among regulators and customers regarding detection capabilities and internal monitoring processes.