The PayPal Working Capital (PPWC) data breach exposed sensitive user data for nearly six months in 2025, according to the company’s official disclosure.
PayPal confirmed that a software flaw in its PPWC loan application led to the exposure. The issue reportedly persisted from July 1 until mid-December 2025 before it was identified and fixed.
PayPal Working Capital Data Breach: What Was Exposed
The breach affected users of the PayPal Working Capital loan platform. According to the company, the incident stemmed from a coding error within the business financing tool.
As a result, personally identifiable information was exposed. This included highly sensitive data such as Social Security numbers and dates of birth.
PayPal described the incident as part of a broader wave of cybersecurity challenges facing digital financial services. The length of the exposure period has raised concerns among regulators and customers about monitoring systems and detection processes.
Read: Caretaker IT Minister Unveils Ambitious Move To Bring PayPal, Stripe, and Wise to Pakistan
Although the issue has now been rectified, users are advised to remain vigilant. PayPal recommends several precautionary measures:
- Enrol in credit monitoring services.
- Place fraud alerts or credit freezes if necessary.
- Update passwords across financial accounts.
- Be cautious of unsolicited emails, calls, or messages.
These steps may help reduce the risk of identity theft or fraud following a data exposure.
The incident adds to a growing list of security breaches in the financial sector. It also highlights the increasing risks associated with digital financial platforms in a rapidly evolving digital economy.
