Prosper Data Breach: What Happened, What Was Exposed, and What You Should Do Now

Prosper (Prosper Marketplace / Prosper Funding LLC), a San Francisco–based online lending platform, disclosed a significant cybersecurity incident in September 2025 that exposed customer and applicant data, including U.S. Social Security numbers (SSNs), and impacted an estimated 17.6 million unique email addresses.

What Happened?

According to Prosper’s SEC 8-K filing and follow-up statements, an unauthorized third party accessed internal systems around September 1, 2025. The company contained the incident, launched a forensic investigation, and informed regulators by mid-September.

Legal and cybersecurity summaries published afterward confirmed that confidential personal information (PII) was accessed, including SSNs and contact details of borrowers, investors, and loan applicants.

What Data Was Exposed?

While Prosper continues to finalize the scope, early reports indicate the following categories of data may be involved:

  • Names and contact information (email, address, phone)
  • Dates of birth
  • U.S. Social Security numbers (SSNs)
  • Loan or financial application details (limited scope under review)

Prosper emphasized that no customer funds or active accounts were compromised and that all platform services remained operational throughout the investigation.

How Many People Are Affected?

Breach-tracking databases associate the Prosper incident with approximately 17.6 million unique email addresses.
This figure likely includes current and former borrowers, investors, and loan applicants who interacted with Prosper’s services over the years.

Timeline of the Prosper Breach

  • September 1, 2025: Unauthorized access detected.
  • September 17, 2025: Prosper files SEC 8-K disclosure and begins notifying affected individuals.
  • Late September – October 2025: Law firms and watchdogs publish breach analyses; investigation ongoing.

Is My Data in the Prosper Breach?

Prosper has been emailing affected borrowers, investors, and applicants since September 17, 2025.
If you’ve received an email notice, assume your information was exposed and follow the protection steps below.

You can also check whether your email address appears in breach-monitoring tools or trackers that recently added the Prosper data set (17.6M unique records).
Keep in mind: an appearance in such a database doesn’t necessarily confirm SSN exposure.

What You Should Do Now

  1. Enable Two-Factor Authentication (2FA) on your Prosper and banking accounts.
  2. Place a fraud alert or credit freeze with a major U.S. credit bureau.
  3. Use Prosper’s offered credit monitoring service if included in your notification.
  4. Watch for new-account fraud or unfamiliar credit inquiries.
  5. Be cautious of phishing attempts mimicking Prosper communications.
  6. Change reused passwords immediately and start using a password manager.

Why This Breach Matters

Prosper is one of the longest-standing peer-to-peer lending platforms in the U.S.
The exposure of SSNs and full PII increases the risk of identity theft and financial fraud, despite Prosper reporting no account breaches to date.

The company’s decision to disclose the event through an SEC 8-K filing highlights how cybersecurity incidents have become material events for financial institutions, underscoring the importance of data security in the fintech sector.

Sources

Worried about your online data? Run a leak check now at check.amihacked.com and protect your online security today.

Leave a Reply

Your email address will not be published. Required fields are marked *