Data leak
PayPal App Coding Error Data Breach and Fraud
Incident Details
PayPal disclosed a data breach and associated fraud incident caused by a coding error in its payment
application. The error allowed unauthorized access to a subset of user account data and was used to facilitate
fraud against affected customers. PayPal detected the issue and remediated the coding error. Affected
customers were notified and offered remediation. The incident is notable as a software-error-driven breach
rather than a traditional hack, an increasingly recognized breach category as complex application ecosystems
create more opportunities for implementation flaws to expose user data.
Technical Details
- Initial Attack Vector: A coding error in PayPal's application enabled unauthorized data access and facilitated fraud against a subset of PayPal users; the error was in the app's data handling logic rather than a direct attack by external threat actors
Timeline
- 2026-02-23 Breach occurred
- 2026-02-23 Publicly disclosed