Prosper Data Breach: What Impacted Users Can Do Now

If you received a notice from Prosper Marketplace, Inc. or if you’re seeing headlines about a “Prosper data breach” and wondering whether you should be worried, you’re not alone.

Data breaches have become a grim fact of modern life, but when the stolen data includes the kinds of details that can be used to open accounts, file fraudulent tax returns, or impersonate you, “wait and see” isn’t a safe strategy.

Prosper has publicly stated that it discovered unauthorized activity on September 1, 2025, and later identified evidence that personal information was obtained through queries of databases storing customer and applicant data during a period between June and August 2025. Prosper also says it began sending individual notifications starting December 9, 2025, and that its analysis of the impacted data concluded on November 26, 2025.

Below you can find out more about what happened, what information may have been exposed, the real-world risks people face after a breach like this, and a practical checklist of what impacted users can do now, including contacting Morgan & Morgan to learn more about your legal options for free.

What happened in the Prosper cybersecurity incident?

According to Prosper, the company detected unauthorized activity on September 1, 2025, took steps to stop it, and brought in a cybersecurity firm to investigate. Prosper also reported the incident to law enforcement.

Prosper says it found evidence that, between June and August 2025, data containing personal information was obtained through queries made against databases that store customer and applicant data.

Prosper further states there was no evidence of unauthorized access to customer accounts and funds and that customer-facing operations continued uninterrupted.

Separately, a California Attorney General breach-notification posting lists dates of breach (if known) including April 29, 2025 and September 2, 2025 in connection with a submitted sample notice for Prosper Marketplace, Inc.

What personal information may have been involved?

Prosper reports that its analysis identified impacted data that may include (among other items):

• Name
• Social Security Number / National ID Number
• Date of birth
• Bank account number
• Prosper account number
• Other financial / credit application information
• Driver’s license number
• Marriage or birth certificate
• Passport number
• Tax information
• Payment card number

Not every impacted person will have had all of these data elements exposed. But this list matters because it includes multiple categories of “high value” identity information, particularly SSNs, DOBs, and government IDs, which can be used to commit identity theft and other fraud.

Why breaches like this can create serious, long-term risk

When a breach involves contact information alone, the biggest immediate risk is usually phishing scams, but when a breach includes SSNs, birth dates, government IDs, tax information, and financial data, the consequences can expand quickly:

• New account fraud: Thieves may attempt to open credit cards, loans, or other accounts in your name.
• Account takeover attempts: Even if Prosper says customer accounts weren’t accessed, criminals often use stolen data to try to break into other accounts—especially if passwords are reused.
• Tax-related identity theft: If “tax information” is involved, criminals may attempt to file fraudulent returns or claim refunds.
• Targeted, believable scams: After a breach, scammers don’t just send generic emails. They use stolen details to craft messages that look legitimate (for example: referencing a real address, partial identifiers, or prior applications).

This is why taking steps early, before you see suspicious activity, can make a big difference.

Step-by-step: What impacted Prosper users can do right now

1. Read the notice carefully and save it

If you received a letter or email, keep a copy. Save it as a PDF and store it somewhere safe (and ideally offline as well). If you didn’t receive a notice but believe you might be impacted, document why you think so (e.g., you were a customer/applicant, you’re seeing suspicious activity, etc.).

2. Enroll in any offered identity monitoring, then don’t stop there

Prosper states it is offering two years of complimentary credit monitoring and identity restoration services through Experian to affected individuals.

If you’re eligible, enrolling can help you catch problems sooner, but monitoring is a detection tool, not a lock on the door. You still want to take proactive steps that prevent new fraud.

3. Freeze your credit (strongly recommended)

A credit freeze helps prevent lenders from accessing your credit report to open new accounts, making it harder for identity thieves to open credit in your name. The FTC explains that credit freezes are free and last until you lift them.

If you plan to apply for credit soon, you can freeze now and temporarily lift the freeze later.

4. Consider placing a fraud alert, too

A fraud alert tells lenders to take extra steps to verify your identity before extending credit. The FTC explains you can place an initial fraud alert by contacting one of the three credit bureaus, and that bureau must tell the other two.

(Many people choose a freeze or both a freeze and a fraud alert, depending on their situation.)

5. Change passwords, especially if you reused them anywhere

Even if the breach wasn’t described as a “password breach,” a data incident can still increase your risk of phishing and account takeover attempts.

Do this:

• Change the password on your Prosper account (and any connected email account).
• If you reused that password elsewhere, change it everywhere it was used.
• Use a long, unique password and turn on multi-factor authentication where available.
  
   

6. Watch for phishing and “breach follow-up” scams

After major breaches, scammers often impersonate:

• Prosper customer support
• Credit monitoring providers
• Banks
• Government agencies
   

Red flags include:

• Pressure (“act now or you lose coverage”)
• Requests for your SSN or full banking information over email/text
• Links that don’t look right
• Attachments you weren’t expecting

If in doubt, don’t click. Navigate to the company site directly or call a verified number from a trusted source.

7. Review financial statements and credit reports for unfamiliar activity

Prosper encourages impacted individuals to “remain vigilant” and monitor account statements and credit history for signs of unauthorized activity.

You should also consider checking:

• Bank statements
• Credit card statements
• Loan accounts
• Any “new account” emails you didn’t trigger
  
   

8. If identity theft happens, report it quickly

If you discover fraud or identity theft, the Federal Trade Commission recommends reporting it at IdentityTheft.gov, which provides step-by-step recovery guidance.

Fast reporting can help create a paper trail and make it easier to dispute fraudulent accounts.

9. Contact Morgan & Morgan

If you suffer damages as a direct result of the data breach, contact Morgan & Morgan to learn more about your legal options for free. You can hold Prosper accountable for negligent data security and fight to recover compensation for your losses and other related expenses.

Common warning signs to take seriously

Not everyone will see immediate harm, but if any of the following occur, treat it as urgent:

• A lender contacts you about credit you didn’t apply for
• You receive bills for accounts you don’t recognize
• Your bank flags suspicious transfers or login attempts
• You stop receiving mail (possible address change fraud)
• You can’t log into an account because credentials were changed
• Your credit score drops unexpectedly

How a data breach claim may help impacted users

When companies collect and store sensitive personal information, they have responsibilities that go beyond “we’re sorry this happened.” 

A breach can create real costs for consumers, time spent disputing fraud, money spent on protections, and the stress of being at risk for years.

Depending on the facts, impacted users may be able to pursue legal action to seek compensation related to harms stemming from the exposure of their personal information and to push for stronger security practices going forward.

Morgan & Morgan has experience handling complex cases against large organizations, and we understand what it takes to investigate incidents like this, evaluate eligibility, and pursue claims on behalf of consumers.

If you received a Prosper data breach notice, Morgan & Morgan can help

If you received a notice (or you believe your information was exposed) and you’re dealing with suspicious activity or you simply want to understand your rights, Morgan & Morgan can review what happened, help you evaluate next steps, and explain potential options available to you.

You shouldn’t have to shoulder the risk of identity theft alone when a company’s systems are compromised. If you were impacted by the Prosper data breach, contact Morgan & Morgan for a free case evaluation to discuss your situation.