Financial platform Prosper has confirmed a major data breach impacting over 17.6 million people, exposing sensitive personal information.
Quick Summary – TLDR:
- Peer-to-peer lending platform Prosper suffered a cyberattack, affecting 17.6 million customers and applicants.
- Exposed data includes Social Security numbers, government IDs, income details, and more.
- The breach did not impact funds or account access, according to Prosper.
- Free credit monitoring will be offered once the full scope of the breach is determined.
What Happened?
On September 2, 2025, Prosper detected unauthorized activity on its systems. The peer-to-peer lending platform, which has facilitated over $30 billion in loans since 2005, later confirmed that hackers had accessed customer data through improper queries to its internal databases. While Prosper initially withheld the number of affected individuals, breach-tracking site Have I Been Pwned later reported that 17.6 million email addresses were compromised.
New breach: Prosper had 17.6M unique email addresses breached in an incident they detected and disclosed last month. Data included other customer info including SSN. Customer accounts and funds were not impacted. 84% were already in @haveibeenpwned. More: https://t.co/kWOreMt2xw
— Have I Been Pwned (@haveibeenpwned) October 16, 2025
Customer Data Compromised in Major Attack
Prosper confirmed that sensitive and proprietary data was stolen, including:
- Names
- Dates of birth
- Social Security numbers
- Government-issued IDs
- Employment status and income levels
- Credit status
- Physical addresses and IP addresses
- Browser user agent details
- Email addresses
The company stressed that no customer accounts or funds were accessed during the data breach and that its customer-facing operations were not affected. A spokesperson stated:
Although Prosper acknowledged the report by Have I Been Pwned, it said it was “not able to validate” the exact scope and is continuing to investigate.
Who Is Behind the Attack?
The breach was attributed by Have I Been Pwned to a threat actor known as Hiron, although Prosper has not confirmed this publicly. The identity and intent of the hacker or group remain under investigation by both the company and U.S. law enforcement.
What Is Prosper Doing About It?
In response to the breach, Prosper stated:
“We have evidence that confidential, proprietary, and personal information, including Social Security Numbers, was obtained, including through unauthorized queries made on Company databases that store customer information and applicant data.”
The company has:
- Reported the breach to federal authorities.
- Taken systems offline to block further unauthorized access.
- Promised free credit monitoring for affected users, once the full impact is assessed.
Prosper has assured customers that uninvested funds remain FDIC insured and available for withdrawal, while invested funds will be repaid over the term of the loans, as per the standard procedure.
What You Can Do to Stay Safe?
With such extensive personal data compromised, affected users are at risk of identity theft and phishing scams. Experts recommend these steps:
- Change your passwords, especially for financial or email accounts.
- Enable two-factor authentication.
- Avoid storing card details on websites.
- Verify all vendor communications.
- Monitor your credit and set up identity theft alerts.
SQ Magazine’s Takeaway
Honestly, this breach is a serious wake-up call. Prosper may have prevented the worst-case scenario of stolen funds, but the personal data exposed here is a goldmine for cybercriminals. From phishing to full-on identity theft, the risks are real. I’d strongly advise anyone who’s used Prosper to take protective steps immediately. And let’s be clear: companies handling our sensitive info need to step up their security game. Too many are reactive instead of proactive. This shouldn’t be the new normal.
