Prosper, the U.S.-based peer-to-peer lending platform, has confirmed a major data breach affecting roughly 17.6 million accounts. According to cybersecurity platform Have I Been Pwned, hackers accessed Prosper’s network, stealing a vast range of sensitive information including names, addresses, dates of birth, email addresses, Social Security numbers, and government-issued IDs.
The company first disclosed the incident last month, explaining that the attackers infiltrated its database containing customer and applicant information. Prosper noted that while no customer accounts or funds were directly accessed, the breach did expose confidential personal data.
Prosper emphasized that its systems were quickly secured and that no unauthorized activity has been detected since September 2. Law enforcement has been notified and is actively involved in the ongoing investigation.
The compromised data, now listed on Have I Been Pwned, reportedly includes full names, home and IP addresses, employment and income details, credit statuses, and even browser user agent strings, indicating the attack may have exposed more than just identity data.
“We continuously monitor accounts and maintain strong safeguards to protect customers’ funds,” Prosper said, stressing that no fraudulent transactions have been detected so far.
Prosper stated it is still reviewing the scope of the incident to determine precisely which users were affected. The lender said it will offer free credit monitoring to those impacted once the analysis is complete.
The breach underscores growing cybersecurity risks across the fintech industry, particularly for digital lending platforms that handle large volumes of sensitive financial and identity data.
