Approximately 100 users alerted after limited personal data exposure
-
Web Desk
-
PayPal has formally acknowledged a data breach after multiple users reported receiving official notifications regarding a recent cyber intrusion.
The incident involved a threat actor obtaining limited access to certain user information, prompting immediate disclosure by the company.
According to a breach notification letter cited by Bleeping Computer, the unauthorised access occurred on 1 July 2025 and affected a defined group of customers.
The development triggered heightened security concerns after some users reported suspicious account activity, including unverified transactions and unsolicited password reset attempts.
In an official statement, a PayPal spokesperson emphasised that while certain customer data may have been exposed, the company’s core infrastructure remained uncompromised. “When there is a potential exposure of customer information, PayPal is obligated to notify affected customers.
In this instance, PayPal’s systems were not breached. We proactively contacted approximately 100 customers who were potentially impacted to ensure transparency and awareness,” the spokesperson stated.
The compromised information reportedly included names, email addresses, telephone numbers, business addresses, Social Security numbers, dates of birth, and other personally identifiable data.
PayPal further confirmed that a limited number of customers experienced unauthorised transactions linked to the incident.
The company has since assured that all affected individuals have been fully reimbursed and that additional safeguards have been implemented to mitigate future risks.
