Hackers stole the personal data of more than 17.6 million people by breaching the systems of the financial company Prosper. The stolen data included names, addresses, dates of birth, email addresses, Social Security numbers, IDs, and more.
Prosper operates as a P2P lending platform (meaning users issue and receive loans directly, without banks) and since 2005 has helped more than two million customers obtain over $30 billion.
Just last month, the company reported that it had detected a compromise of its systems on September 2, 2025, and contained the issue. At the time, it said that attackers had stolen data belonging to customers and borrowers. However, the company is not disclosing exactly what information was taken, beyond Social Security numbers, since the incident is still under investigation.
Prosper has notified regulators about the incident and is cooperating with law enforcement.
“We have evidence that confidential and personal data, including Social Security numbers, were stolen. Access was carried out through unauthorized queries to databases that store information about customers and loan applications. Once we determine exactly which data were affected, all impacted individuals will be offered free credit monitoring,” Prosper said in a statement.
Prosper also did not specify exactly how many customers were affected by this attack. However, the data breach aggregator Have I Been Pwned (HIBP) reports that the incident affected data for 17.6 million unique email addresses.
According to HIBP, the hackers obtained: email addresses, usernames, identity document details, employment information, credit history, income level, date of birth, place of residence, IP addresses, and browsers.
Prosper representatives told the media that the company is aware of the Have I Been Pwned publication; however, it is not yet possible to confirm or deny this information due to the ongoing investigation.