Threat actors stole personal data, including names, IDs, and financial details from Prosper, affecting over 17M users.
Prosper is a U.S.-based peer-to-peer lending platform that connects individual borrowers with investors. Founded in 2005 and headquartered in San Francisco, Prosper allows people to apply for personal loans online, while investors can fund portions of those loans to earn interest. It was one of the first major P2P lending marketplaces in the U.S.
The company disclosed a data breach that impacts 17.6 million accounts. According to the data breach notification service Have I Been Pwned (HIBP), stolen data includes names, addresses, dates of birth, email addresses, Social Security numbers, government IDs, and other information.
“In September 2025, Prosper announced that it had detected unauthorised access to their systems, which resulted in the exposure of customer and applicant information. The data breach impacted 17.6M unique email addresses, along with other customer information, including US Social Security numbers.” states HIBP. “Prosper advised that they did not find any evidence of unauthorised access to customer accounts and funds, and that their customer-facing operations were uninterrupted. “
The company notified law enforcement and is investigating the incident with the help of a leading cybersecurity firm.
Prosper said customer accounts and funds remain secure and operations are unaffected. Hackers accessed databases containing personal and proprietary data, including Social Security numbers. The company plans to offer free credit monitoring once the impacted data is confirmed.
“Recently, we discovered unauthorized activity on our systems. As soon as we detected this, we acted quickly to stop the activity and strengthen our security measures, and we began working with a leading cybersecurity firm to investigate what happened. We also reported the incident to law enforcement and have offered our full cooperation.” reads the notice published by the company.
“There is no evidence of unauthorized access to customer accounts and funds, and our customer-facing operations continue uninterrupted. We have evidence that confidential, proprietary, and personal information, including Social Security Numbers, was obtained, including through unauthorized queries made on Company databases that store customer information and applicant data. We will be offering free credit monitoring as appropriate after we determine what data was affected. We continuously monitor accounts and have strong safeguards in place to protect customers’ funds.”
The investigation into the incident is still ongoing. At this time, no ransomware groups claimed responsibility for the attack.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
Laisser un commentaire