Wednesday, June 3, 2026
Latest:
News

PayPal Confirms Data Breach, Some Users Report Unauthorized Transactions

seanhackacademy

PayPal has confirmed that a data breach exposed personal information belonging to a limited number of customers, with some reporting unauthorized transactions and forced password resets.

The disclosure follows breach notification letters sent to affected users, confirming that a threat actor gained access to certain PayPal systems on July 1, 2025. According to the notifications, the unauthorized access continued until December 12, 2025, when the incident was discovered and contained.

The breach is understood to be linked to an error within PayPal Working Capital loan applications. While the scale of the incident appears limited, the exposure spanned more than five months before detection.

In an update issued following publication of initial reports, a PayPal spokesperson stated that the company’s systems were not compromised. The spokesperson said PayPal contacted approximately 100 customers who were potentially impacted to provide awareness.

However, breach notifications referenced the termination of unauthorized access to PayPal systems, raising questions about the precise nature of the incident. Further clarification is expected.

What Information Was Exposed

Based on available information, the data potentially accessed includes:

  • Name

  • Email address

  • Phone number

  • Business address

  • Social Security number

  • Date of birth

PayPal confirmed that a small number of customers experienced unauthorized transactions. The company said refunds have already been issued to those affected. No further details have been provided regarding the nature or value of the transactions.

Security Measures Taken

PayPal says it has terminated the attacker’s access and reset passwords for impacted accounts. Affected users may be required to create a new password when attempting to log in.

The company is offering two years of complimentary credit monitoring and identity restoration services through Equifax to impacted customers.

Although the breach does not appear to affect the broader PayPal user base, the incident underscores ongoing risks associated with financial platforms and extended detection windows. PayPal has urged customers to remain vigilant, monitor account activity and review transaction histories for any irregularities.

The investigation remains ongoing, and further updates are expected as additional details emerge.

If a global payments giant can experience months of unauthorized access, what does that mean for your own digital footprint?

Cyber threats are no longer theoretical. They are active, persistent and often invisible until damage is done. Whether you run a business, manage client data or simply want to protect your personal finances, stronger cybersecurity skills are no longer optional.

Take control of your digital safety. Learn how breaches happen, how attackers exploit weaknesses, and most importantly, how to defend against them.

Start building real world cyber resilience today:
https://training.thehackacademy.com/course/

Photo Credit: DepositPhotos.com

Leave a Reply

Your email address will not be published. Required fields are marked *