Data leak
PayPal Working Capital Loan Application Data Exposure - Code Error
Incident Details
A code update error in PayPal’s Working Capital loan application exposed approximately 100 customers’ personally identifiable information from July 1 to December 13, 2025 (approximately six months). PayPal discovered the issue on December 12, rolled back the code on December 13, 2025, and sent breach notifications on February 10, 2026. Exposed data included business contact information (name, email, phone, address), Social Security numbers, and dates of birth. A small number of customers experienced unauthorized transactions on their accounts and received refunds. PayPal reset affected account passwords, implemented enhanced security controls, and offered two years of complimentary three-bureau credit monitoring via Equifax.
Technical Details
- Initial Attack Vector: Routine code update to the PayPal Working Capital (PPWC) loan application contained a programming error that left customer PII accessible without authorization for approximately six months
- Vendor / Product: PayPal Working Capital (PPWC loan application)
Timeline
- 2025-07-01 Breach occurred
- 2026-02-10 Publicly disclosed
- 2026-02-10 Customers notified