InfoSecBulletin Cybersecurity for mankind
PayPal announced a data breach due to a coding error in its Working Capital loan app, which exposed customers’ personal information for about six months, from July 1, 2025, to December 13, 2025.
The company found unauthorized exposure on December 12, 2025, and informed affected customers in a letter dated February 10, 2026, from its headquarters in San Jose, California.
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
PayPal Data Breach
The types of personal information possibly compromised include full name, email address, phone number, business address, Social Security number (SSN), and date of birth. PayPal acknowledged that a few customers faced unauthorized transactions and has refunded them.
Forbes reported that the company is providing two years of free credit monitoring and identity restoration services through Equifax Complete™ Premier, which includes $1,000,000 in identity theft insurance.
Affected users must enroll via Equifax using their provided activation code before the July 31, 2026, deadline.
Affected customers should check their account transaction history, monitor their credit reports at annualcreditreport.com, and think about placing a free fraud alert or credit freeze with Equifax, Experian, and TransUnion.
A spokesperson for PayPal stated that, “When there is a potential exposure of customer information, PayPal is obligated to notify the affected customers. In this situation, PayPal’s systems were not compromised. Therefore, we reached out to approximately 100 customers who were potentially impacted to raise awareness about this matter.”
