PayPal disclosed a data breach caused by an internal coding error (CWE-284, CWE-285) that exposed customer personal information and enabled unauthorized financial transactions, with confirmed fund theft. No CVE has been assigned, and the specific application version affected has not been publicly confirmed. Organizations using PayPal for business payments or expense reimbursement should audit recent transaction history for unauthorized activity, review the exposure of linked accounts and payment methods, and assess their data protection notification obligations if customer PII was involved in any integrated PayPal flows. In the longer term, the incident warrants a review, within your own SDLC, of the internal authorization logic in payment-adjacent applications against CWE-284 patterns.