ADVERTISEMENT

PayPal breach went undetected for six months, exposing Social Security numbers

PayPal has been sending data breach notification letters to customers affected by a recently discovered “cyber incident” dating back to 2025, in which an unknown attacker was found lurking in its systems for nearly six months.

PayPal data breach credential leak

Image by T. Trutschel via Getty Images.

Stefanie Schappert
Stefanie Schappert Senior Journalist
Feb 20, 2026 Updated: 20 February 2026 3 min read
Key takeaways:
PayPal 6 month breach
PayPal sent a Notice of Breach Letter to affected customers as required by law. Image by Cybernews.

Six months inside PayPal’s systems

PayPal Working Capital
PayPal Working Capital offers quick, flexible funding to business customers. PayPal.com
“When there is a potential exposure of customer information, PayPal is required to notify affected customers. In this case, PayPal’s systems were not compromised. As such, we contacted the approximately 100 customers who were potentially impacted to provide awareness on this matter.”
– PayPal Spokesperson

What data was exposed

hackers phishing
Compromised PayPal accounts are at increased risk of phishing attacks. Image by Cybernews
ADVERTISEMENT
  • Name
  • Social Security number
  • Date of birth
  • Email address
  • Phone number
  • Business address
PayPal mobile phone
PayPal says affected users will be required to reset their account passwords. Image by Shutterstock

What PayPal is doing now

Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.
  • Use a unique username and password combination for every website and service.
  • Change password and security questions immediately after any suspicious activity.
  • Hover over links in emails to check the real destination URL before clicking.
  • Do not click on links if you are unsure where they lead.
  • Be cautious of messages that create a sense of urgency or demand immediate action.
  • If a message claims to be from PayPal and seems urgent, visit paypal.com directly in your browser and log in to check for legitimate notifications.

ADVERTISEMENT