PayPal app code error leaked personal info

PayPal app code error leaked personal info

Briefly

"PayPal has notified about 100 customers that their personal information was exposed online during a code change gone awry, and in a few of these cases, people saw unauthorized transactions on their accounts. All of these customers have been fully refunded, according to a PayPal spokesperson. "When there is a potential exposure of customer information, PayPal is required to notify affected customers," the spokesperson told The Register. "In this case, PayPal's systems were not compromised. As such, we contacted the approximately 100 customers who were potentially impacted to provide awareness on this matter.""

"According to a February 10 data breach notification sent to affected customers and shared with The Register, the online payment company spotted the unauthorized activity on December 12. It was due to a coding error in its PayPal Working Capital loan application that inadvertently leaked customers' business contact information - including names, Social Security numbers, dates of birth, email addresses, phone numbers, and business addresses - between July 1, 2025, and December 13, 2025."

""PayPal has since rolled back the code change responsible for this error, which potentially exposed the PII," the letter said [PDF]. As soon as it noticed the leak and fraudulent transactions, PayPal says it began an investigation and blocked the unauthorized access, resetting passwords of affected accounts and requiring customers to set a new password the next time they log in. "A few customers experienced unauthorized transactions on their account and PayPal has issued refunds to these customers," according to the notification. The company is also offering affected customers two years of free credit monitoring."