February 20, 2026
Breach, but make it ironic
PayPal discloses data breach that exposed user info for 6 months
Users roast delay, side-eye Equifax freebie, crypto crowd yells “Monero”
TLDR: A PayPal code error exposed Working Capital loan customers’ personal data for six months; the company says it fixed it quickly and about 100 people were affected. Commenters blast the slow notice, roast the Equifax credit monitoring offer, and argue over penalties vs. “just use crypto,” underscoring shaken trust
PayPal says a code error in its Working Capital loan app exposed customer info like names, emails, phone numbers, addresses, Social Security numbers, and birthdays from July 1 to December 13, 2025—and that it was fixed in a day. Later, a spokesperson stressed the systems weren’t actually hacked and said it affected about 100 customers. But the real action? The comments section is on fire.
The loudest chorus is about timing. One user calls out a “two-month-ish delay” between discovery and disclosure; another fumes that a “six-month delay” is outrageous—mixing up the breach length with the notice timing, which others rush in to correct. Still, the vibe is clear: “Tell us faster.” Some want legal penalties for slow notifications.
Then came the irony parade: PayPal is offering two years of free credit monitoring via Equifax—yes, that Equifax. The community’s collective eye-roll was audible, with quips about the fox guarding the henhouse and “breach bingo” getting its free square.
And of course, the crypto cavalry arrived. A Monero evangelist barged in with “use privacy coins and this never happens,” while skeptics countered that merchant loans and day-to-day business still live in the real world. Add a reminder of PayPal’s past troubles (a 2023 incident and a 2025 $2M settlement), and trust is hanging by a thread. Drama delivered.
Key Points
- •An error in PayPal’s Working Capital loan app exposed customer PII from July 1 to December 13, 2025.
- •PayPal discovered the issue on December 12, 2025, reversed the problematic code within a day, and blocked further access.
- •A small number of accounts had unauthorized transactions; PayPal issued refunds and reset impacted account passwords.
- •Affected customers get two years of free Equifax credit monitoring and identity restoration; enrollment deadline is June 30, 2026.
- •Update: PayPal said its systems were not breached and roughly 100 customers were potentially affected; prior 2022 credential stuffing breach and a $2M 2025 New York settlement were noted.