PayPal
July 1, 2025
•[ data exposure, software error, personally identifiable information ]
PayPal disclosed that a software error in its PayPal Working Capital (PPWC) loan application exposed sensitive personal information, including Social Security numbers, for nearly six months in 2025. The exposure window was reported as beginning July 1, 2025 and ending when PayPal fixed/rolled back the problematic code and blocked further access on December 13, 2025. PayPal stated it notified affected customers and offered credit monitoring, and reporting noted some accounts showed unauthorized activity that PayPal said it reimbursed. The incident was characterized as a data exposure caused by an application error rather than a compromise of PayPals broader systems.
ARC Community Services
November 4, 2024
•[ unauthorized activity, data breach, protected health information ]
ARC Community Services disclosed it became aware of unauthorized activity in its network on November 4, 2024 and initiated incident response actions, including taking systems offline until operations could be safely restored. During the ensuing investigation and data review, ARC determined that files containing protected health information (PHI) were taken from its network. The potentially affected PHI varies by individual but may include contact information (name/address), date of birth, medical record number, health information, drivers license number, and financial account information.
