Updated February 22 with details of previous PayPal security incidents and warnings, further advice for those impacted by the confirmed PayPal Working Capital data breach, which prompted transaction refunds and account password resets, and a statement from a PayPal spokesperson.

Some PayPal users have started to receive email from the company confirming a data breach that exposed personal information to a threat actor who gained access to PayPal’s systems, leading to some seeing unauthorized transactions on their accounts and the resetting of passwords. Here’s what you need to know.

A breach notification letter, which I have verified myself, has confirmed that some PayPal users have been impacted by a data breach after a hacker gained access to PayPal systems on July 1, 2025. The hacker apparently had access until December 12, 2025, when PayPal discovered the security incident. The breach, according to the notifications, which are dated February 10, impacted some users “due to an error in its PayPal Working Capital (“PPWC”) loan application.” It remains to be seen how the attacker access evolved, of course, as this remains something of a developing story and PayPal has yet to explain this in any detail beyond a “code change” being responsible.

However, following publication of this article, a PayPal spokesperson provided the following statement: “When there is a potential exposure of customer information, PayPal is required to notify affected customers. In this case, PayPal’s systems were not compromised. As such, we contacted the approximately 100 customers who were potentially impacted to provide awareness on this matter.”

I am currently awaiting clarification regarding the seeming disparity between the statement saying that “PayPal’s systems were not compromised,” and the notification, which stated that following an investigation, the company had “terminated the unauthorized access to PayPal’s systems.” I will add another update if and when such a clarification is forthcoming.

“Upon learning about this unauthorized activity, we promptly began an investigation and took action to address this incident, including by taking steps to prevent unauthorized actors from obtaining further personal information,” the PayPal notification stated. It would, however, be nice to know why it took a whole six months for PayPal’s security team to notice the exposure to unauthorized individuals, as mentioned in the breach notification itself. That’s a huge window of opportunity for attackers, and we should be grateful that so few accounts were potentially impacted before it was closed for good.

PayPal has also confirmed that “a few customers experienced unauthorized transactions on their account,” and we now know that this was a very small number, 100 according to the spokesperson who contacted me. PayPal confirmed that it has already issued refunds to those customers who were impacted.

I have covered many previous PayPal security warnings, which have mostly concerned phishing attacks delivered by email, text, or phone, although, if you stretch back as far as 2023, there was another breach. I reported on this at the time, confirming that a total of 34,942 PayPal accounts had been accessed by attackers using a credential stuffing attack methodology.
Such attacks involve threat actors deploying an automated process in an attempt to access accounts with login credentials that have been compromised in some way, often credentials that have been reused between accounts and subsequently breached at one of them. Lists of such breached credentials are readily available on the dark web.

In December 2025, I reported how attackers were using legitimate infrastructure to bypass email authentication protections when delivering malicious messages disguised as genuine PayPal support communications. On this occasion, the PayPal billing subscriptions feature was being abused by hackers in an attempt to steal your user account credentials.

At the time, a PayPal spokesperson told me: “PayPal does not tolerate fraudulent activity, and we work hard to protect our customers from consistently evolving phishing scams. We are actively mitigating this matter, and encourage people to always be vigilant online and mindful of unexpected messages. If customers suspect they are a target of a scam, we recommend they contact Customer Support directly through the PayPal app or our Contact page for assistance.”
