In a development that has left parts of the fintech community unsettled, PayPal has confirmed a data breach tied to its Working Capital system—one that went unnoticed for nearly six months.

Beginning July 1, 2025, a threat actor reportedly gained unauthorized access to internal systems related to the PayPal Working Capital (PPWC) loan application process. According to notification emails now landing in inboxes, the attacker’s access continued until December 12, 2025, when the company finally uncovered the intrusion.

The notification letter, first reported by cybersecurity outlets such as Bleeping Computer, states that the breach stemmed from an “error” associated with PPWC applications. Despite earlier statements that “PayPal’s systems were not compromised,” the company later clarified—somewhat contradictorily—that it had “terminated the unauthorized access to PayPal’s systems” after investigation.

ALSO READ : “She Never Made It Out…” Albany House Fire Claims Woman’s Life as Family Pleads for Help to Bring Her Home

What Information Was Exposed?

Customers affected by the breach may have had the following sensitive data accessed:

• Name
• Email address
• Phone number
• Business address
• Social Security number
• Date of birth

A spokesperson confirmed that around 100 customers sustained unauthorized transactions linked to the incident. Refunds have already been issued. While this number is relatively small compared to PayPal’s global user base, the nature of the data accessed raises long-term security concerns.

Passwords Reset, Monitoring Offered

In response, PayPal has reset passwords for impacted users, meaning some customers may now encounter login prompts requiring new credentials. Additionally, the company is offering two years of complimentary credit monitoring and identity restoration services through Equifax—a gesture some users may view as small comfort given the depth of exposed personal information.

Security Advice From PayPal—Relevant to Everyone

The breach notification included a list of recommendations that all online users, not just the affected 100, would be wise to revisit:

• Use unique usernames and passwords for every platform.
• Change your password immediately if you detect unusual activity.
• Avoid clicking links in emails, even if they appear legitimate—visit the website directly instead.
• Be cautious with messages demanding urgent action, especially those pushing you to verify information instantly.
• Never share your PayPal username, password, or one-time codes over calls, texts, or emails.

Security analysts also stress the importance of enabling passkeys, where available, offering stronger protection against credential-based attacks.

A Wake-Up Call for Digital Payments

Although the breach affected a relatively small number of users, it underscores the increasingly urgent reality of cyber threats facing major financial platforms. Digital payment ecosystems depend heavily on trust—and incidents like this remind everyone how fragile that trust can be when internal vulnerabilities linger for months undetected.

PayPal advises all customers to remain vigilant, review recent account activity, and ensure security settings—including two-factor authentication or passkeys—are fully enabled.

ServiceNow has agreed to acquire cybersecurity startup Armis for $7.75 billion, marking the largest acquisition in ServiceNow’s history as it accelerates its expansion into security and artificial intelligence.

The Santa Clara, California–based company will pay all cash for the San Francisco–based firm, according to a statement released Tuesday, confirming an earlier report by Bloomberg News. The transaction is expected to close in the second half of 2026, subject to regulatory approvals and customary closing conditions.

Market reaction and deal financing

ServiceNow shares slipped about 1.3% in early premarket trading in New York following the announcement. The stock had closed up roughly 0.9% on Monday, valuing the company at approximately $163 billion.

ServiceNow said it plans to fund the acquisition through a combination of cash on hand and debt, underscoring its confidence in Armis’ long-term growth and strategic value.

What Armis brings to ServiceNow

Founded by veterans of Israeli military cyber intelligence, Armis specializes in identifying, monitoring and securing connected devices across complex digital environments. Its platform is widely used in sectors including healthcare, financial services, manufacturing, and defense, where visibility into unmanaged or vulnerable devices is critical.

Earlier this month, Armis CEO Yevgeny Dibrov said the company had reached $300 million in annual recurring revenue, up from $200 million a year earlier. Despite the rapid growth, Armis had been planning a public listing in 2026, a goal now superseded by the ServiceNow deal.

ServiceNow’s broader AI and security push

ServiceNow has been steadily transforming itself into a dominant enterprise workflow and automation platform. In March, the company agreed to acquire AI startup Moveworks for $2.85 billion, a move aimed at building autonomous AI tools capable of completing workplace tasks without human intervention.

“ServiceNow is building the security platform of tomorrow,” said Amit Zavery, the company’s president, chief operating officer, and chief product officer.

“Together with Armis, we will deliver an industry-defining cybersecurity shield that provides real-time, end-to-end proactive protection across all technology estates,” Zavery said.

Cybersecurity dealmaking accelerates

The Armis acquisition comes amid a surge in large cybersecurity transactions, driven by growing enterprise demand and the rising use of AI to detect and counter hacking threats.

In recent months:

• Alphabet agreed to buy cloud security firm Wiz for $32 billion
• Palo Alto Networks struck a deal to acquire CyberArk for about $25 billion

Armis itself was acquired in 2020 by Insight Partners in a deal valued at $1.1 billion, alongside investors including CapitalG. Private equity firm Thoma Bravo had also explored a potential investment, with Armis executives previously saying they were evaluating multiple offers.

What’s next

Once completed, the acquisition is expected to significantly strengthen ServiceNow’s security portfolio, positioning the company as a key player in AI-powered enterprise cybersecurity at a time when digital infrastructure risks are multiplying.

When Disney announced a three-year alliance with OpenAI, including a reported $1 billion investment and licensing its iconic characters for use in AI-generated images and short videos, the deal left many observers puzzled. After all, recent content partnerships between OpenAI and platforms like Reddit have raised uncomfortable questions about whether the money is worth the long-term competitive and brand risks.

But Disney’s deal makes far more sense when viewed through a lens the company understands better than almost anyone: merchandising.

For decades, Disney has mastered the art of turning intellectual property into obsession, engagement, and spending. Toys, backpacks, lunchboxes, theme parks, movies, cruise lines — all are part of a tightly controlled ecosystem designed to keep fans immersed. With OpenAI, Disney isn’t abandoning that playbook. It’s updating it.

Instead of plastic figurines, the new merchandise is synthetic content — AI-generated images and videos created by fans themselves using ChatGPT and Sora, OpenAI’s text-to-video generator. Anyone can now generate Disney-adjacent creative output, but under rules that Disney helps define.

AI as the Next Merchandising Channel

At first glance, allowing fans to generate content featuring Disney characters may appear risky, especially for a company long known as a highly curated, “predator-free” brand sanctuary in an internet dominated by chaotic user-generated content — or what critics increasingly call “AI slop.”

Yet this is precisely why Disney’s approach stands out.

Rather than fighting AI outright, Disney is licensing its characters under controlled conditions, positioning itself inside the technology rather than outside it. In doing so, it gains something arguably more valuable than licensing fees: influence over how its IP is used.

OpenAI has publicly committed to “responsible use” of Disney’s content, reducing the risk of beloved characters being placed in offensive, bizarre, or legally risky scenarios — or interacting with rival corporate IPs in ways Disney cannot control.

At the same time, Disney has made it clear it will aggressively defend its characters elsewhere. The company recently sent a letter to Google demanding it stop using Disney characters in AI-generated content without permission. The message is clear: AI use is allowed — but only on Disney’s terms.

Strategic Upside Beyond Licensing

Beyond brand protection, the OpenAI alliance offers Disney several strategic advantages.

First, by taking an equity stake, Disney is effectively hitching its future to the first major AI mover in consumer-facing generative technology. If OpenAI becomes as foundational as search or social media, Disney isn’t just a customer — it’s a stakeholder.

Second, Disney gains access to OpenAI’s tools, opening new creative and operational possibilities across film, television, marketing, and theme park experiences. In an industry under constant pressure to produce more content faster, AI-assisted workflows could become a competitive necessity.

There is also a discovery angle. If fans create something genuinely magical using Disney IP, the company can surface that work on its streaming platforms or internal creative pipelines. Just as YouTube became a feeder system for Hollywood talent, AI could quietly become a testing ground for future Pixar, Marvel, or animation concepts.

Engagement Over Everything

Critics will argue that Disney is aligning itself with what many still see as the entertainment industry’s newest villain. And history suggests that user-generated ecosystems inevitably produce strange, uncomfortable, or downright bizarre content.

But Disney’s calculus is simple: engagement beats purity.

Even if some brand dilution occurs, the upside of keeping millions of users actively interacting with Disney characters — thinking about them, remixing them, and emotionally investing in them — far outweighs the risks. Every AI-generated image or short video becomes another touchpoint in the Disney funnel, nudging users toward movies, merchandise, theme parks, and subscriptions.

As the company has proven time and again, Disney doesn’t need to control every moment — it just needs to own the ecosystem those moments live in.

A Template for Future AI Deals

Ultimately, Disney’s OpenAI alliance may become the template for how major IP holders navigate the AI era. Rather than blocking generative tools outright or selling content libraries cheaply, Disney is treating AI as the next distribution and merchandising layer.

The pipeline that once ran from movies to toys to theme parks now runs through algorithms, prompts, and synthetic media. AI is no longer outside the business. It is part of the machine.

And if Disney’s history is any guide, once the House of Mouse embraces a platform, it rarely lets go.