Between June and August 2025, unauthorized actors accessed Prosper Marketplace’s customer databases by exploiting compromised credentials. Prosper (a San Francisco-based peer-to-peer lending platform) detected the unauthorized activity on September 1, 2025. Individual notifications began on December 9, 2025 — approximately 100 days after detection. The breach affected approximately 17.6 million people, with Have I Been Pwned indexing over 17 million unique email addresses (2.8 million never seen in prior breaches). This is among the largest US financial services breaches of 2025 by record count. Compromised data includes names, Social Security Numbers/National ID numbers, dates of birth, bank account numbers, Prosper account numbers, financial/credit application data, driver’s license numbers, marriage and birth certificates, passport numbers, tax information, and payment card numbers — an exceptionally broad dataset enabling identity theft and financial fraud. Prosper offered two years of complimentary credit monitoring and identity restoration through Experian to affected individuals.