a smartphone placed on a laptop keyboard displays the logo of the online payment service PayPal,

PayPal confirms data breach – could UK users be affected?

Online payments giant PayPal has confirmed a data breach linked to its PayPal Working Capital (PPWC) loan product.

The issue reportedly stemmed from a coding error in the PPWC loan application system, which may have exposed sensitive personal information for more than five months.

While PayPal says the number of affected customers is small, the nature of the data involved means the incident raises important questions, including whether UK users could be impacted. 

What happened in the PayPal data breach?

According to breach notifications sent to affected users, an unauthorised party gained access to certain PayPal Working Capital data between 1 July 2025 and 12 December 2025. PayPal says the issue was discovered in December and that access was terminated promptly once identified. 

A spokesperson has stated that approximately 100 customers were potentially affected. 
Some reportedly experienced unauthorised transactions, which PayPal says have now been refunded.

Impacted users have also had their passwords reset. 

The information that may have been accessed includes: 

  • Name
  • Email address
  • Phone number
  • Business address
  • Date of birth
  • Social Security number (SSN)   

The inclusion of Social Security numbers strongly suggests that at least some affected users were based in the United States. However, PayPal has not publicly confirmed that only US users were impacted. 

Does this affect people in the UK?

Possibly — but only in limited circumstances. The breach relates specifically to PayPal Working Capital, which is a business finance product. It is not a standard personal PayPal account feature.

PayPal Working Capital has historically been available in the UK. That means UK businesses who applied for or used the product during the affected period could, in theory, be impacted. 

That said, at the moment: 

  • The reported number of affected users is small
  • References to Social Security numbers indicate US involvement 
  • There is no indication of widespread impact on UK consumer accounts. 

If you are a UK personal PayPal user who has never used PayPal Working Capital, this breach is unlikely to affect you. 

What should affected users do?

If you receive a notification from PayPal that you are affected by this breach: 

  • Review your transaction history carefully
  • Reset your password (even if already prompted to do so)
  • Enable two-factor authentication if you have not already
  • Be alert to phishing emails referencing loans or account activity. 

PayPal is reportedly offering two years of complimentary credit monitoring through Equifax to affected users. 

A reminder about phishing risks

Criminals rely on confusion and urgency. So, even if you are not directly impacted, incidents like this often trigger waves of scam emails and fake “security alerts”. 

If you receive an email claiming to be from PayPal: 

  • Do not click links immediately 
  • Log in directly via the official website or app
  • Never share one-time passcodes or passwords. 

PayPal has reiterated that it will never ask for your password or authentication codes over email or phone.

We will continue to monitor updates, particularly if confirmation emerges about UK users being directly impacted. If further details suggest broader exposure, we will publish a full update explaining what it means, and what your options are. 

This information is for general guidance only and does not constitute legal or financial advice.

You may also like:

  • Environment, News, Vehicle

Can BMW drivers claim compensation for the diesel emissions scandal?

BMW faces legal action over emissions-cheating software. Learn what the scandal involves, who is affected, and what it means for UK diesel car owners.
  • Data Breach, Financial, News

Capita data breach: Legal response & ongoing investigations

Capita’s data breach exposed pension holders’ personal data. Stay updated on the latest legal action, investigations, and regulatory responses.
  • News, Vehicle

Jaguar Land Rover DPF claims vs. dieselgate: What you need to know

Confused about Jaguar Land Rover DPF claims vs. Dieselgate? Learn the key differences, legal actions, and how to check if you qualify for compensation.

Latest news & insights

technician of health with blood tubes in the clinical lab for analytical / hand of doctor holding blood sample in tube test for analysis in laboratory
Nearly 200 Biobank data incidents raise concern as more private health records found online
UK Biobank data has reportedly been leaked nearly 200 times in a year. Here’s what it means for participants.
April calendar 2026 with Join the claim logo
What we’ve been working on at Join the Claim in April
A round-up of what we’ve been working on in April at Join the Claim, including new claims to watch, legal developments and practical consumer guides.
Warning road sign against a stormy sky saying Scam Alert
Scam alert update: April 2026
Stay alert this April with the latest scam warnings from Join the Claim
Smartphone on surface showing Google Play logo. Google Play is an app store.
What the Google Play Store claim means for UK users
Used the Google Play Store on an Android device between 2015 and 2024? Here’s what the UK claim against Google means for you.
Diagonal test tubes with blood with blue lids ready for test. Concept of medicine and science. 3d rendering
UK Biobank breach: can anonymised health data be traced back to you?
 UK Biobank says the leaked data was anonymised — but experts warn it may still be identifiable. Here’s why that matters.
A scientist in a white lab coat looks through a microscope in a laboratory. Another person is seen working in the background. The scene shows a busy research environment with equipment.
UK Biobank data listed for sale: what happened and what it means
 Health data from 500,000 UK Biobank participants was listed for sale online. Here’s what was exposed, what wasn’t, and why it matters.
Woman using Booking.com app
Booking.com scams explained: what “reservation hijacking” means for travellers
  A data breach at Booking.com is now being linked to a rise in so-called “reservation hijacking” scams. Here’s how to protect yourself.
employee and colleagues brainstorming how to fix employee data breach affecting systems
Employee data breaches are rising: what it means for your data
Employee data breaches are increasing across the UK. Here’s what’s happening & what it means for your personal information.
Man using smartphone to cancel subscription on digital app interface. Unsubscribe from online service membership or payment plan.
New laws will make it easier to cancel subscriptions and get refunds
New UK laws will make it easier to cancel subscriptions and get refunds. Here’s how subscription traps are being tackled.
AI concept Artificial Intelligence technology circuit motherboard chip computer
The dangers of AI: what consumers need to know
From data misuse and deepfakes to harmful content and bias, learn how AI can go wrong and what it means for your rights in the UK.
woman use booking app, booking com logo on the screen
Booking.com data breach: what travellers need to know
Booking.com has confirmed a data breach affecting customer booking details. Here’s how to protect yourself.
What claims should be on your radar in April 2026?
Several major compensation claims are developing in the UK this spring, including cases involving Apple, Amazon, Steam and major data breaches.
Rightmove website on the display of PC
Rightmove £1.5bn claim filed: what estate agents need to know
A £1.5bn legal claim has been filed against Rightmove, accusing the property giant of charging excessive fees to estate agents. Here’s what’s happening and what it could mean.
Hands, phone and person in home with scrolling, social media
Meta blocks ads linked to social media addiction lawsuits
Meta has removed adverts from law firms seeking clients for social media addiction lawsuits, following recent legal setbacks in the US.
There is wood cube with the word Opt out. It is as an eye-catching image.
Opt-out collective actions could add billions to the UK economy
Join the Claim is bringing together major UK opt-out collective actions so consumers can check what claims exist and whether they could be affected.
View all news

Did you know we have a newsletter?

Sign up for our newsletter to stay up to date.

We connect consumers with their legal dream teams to ensure they get the compensation and support they deserve.

claims
About
Legal
Connect

Join the Claim is not a law firm. We connect individuals with top law firms for group action claims, and our service is free to use. While we may receive a fee from the law firms we introduce you to, this will not affect your costs or compensation. We are not responsible for the advice or services provided by these firms. Please note, nothing on this website is legal advice, and while we check claim eligibility, we cannot guarantee a law firm will accept a case.

Join the Claim is a trading name of Join the Claim Limited, authorised and regulated by the Financial Conduct Authority (FRN: 1053404). Registered in England and Wales, Company No: 16245278. Registered office: 32 Eyre Street, Sheffield, S1 4QZ.

© Join the Claim All Rights Reserved |

2026
Go to claims