PayPal has confirmed a data breach impacting several customers, prompting security alerts and account notifications.
The company says all affected users have been refunded.
PayPal users began receiving emails alerting them to a cyber attack that exposed personal information.
The breach reportedly occurred on July 1, 2025, when a threat actor gained access to certain PayPal systems, leading to unverified transactions and some password resets.
Despite the incident, PayPal stated that its systems were not fully compromised and only approximately 100 users were potentially affected.
What information was exposed?
The company confirmed that hackers accessed sensitive customer data, including:
-
Full name
-
Email address
-
Phone number
-
Business address
-
Social Security number
-
Date of birth
-
Other personal details
Additionally, a few users reported unauthorized transactions, which PayPal has since refunded.
PayPal’s response
A spokesperson for PayPal emphasized transparency, stating:
"When there is a potential exposure of customer information, PayPal is required to notify affected customers. In this case, PayPal’s systems were not compromised. As such, we contacted the approximately 100 customers who were potentially impacted to provide awareness on this matter."
The company has urged all users to remain vigilant, monitor account activity, and update passwords as a precaution.
What customers should do
Even though refunds have been issued, users are advised to:
-
Check account statements for unusual activity
-
Update PayPal passwords and enable two-factor authentication
-
Be wary of phishing emails claiming to be from PayPal
The incident underscores the ongoing need for cybersecurity vigilance in online financial services.







