Breach taxonomy
Summary
On September 1, 2025, Prosper Marketplace identified that an unauthorized third party gained access to company systems containing proprietary, confidential, and personal information, including Social Security numbers, obtained through unauthorized queries on customer and applicant databases. Customer-facing operations were uninterrupted and no customer accounts or funds were compromised. Prosper initiated its cybersecurity response plan, engaged outside experts, and notified law enforcement. The company was still determining the full scope of exposed records as of filing and had not yet assessed materiality. Prosper holds cybersecurity insurance.
Tagging rationale
ThreatUnknown
Filing refers to 'an unauthorized third party' without attributing the incident to any specific actor category -> UNKNOWN.
MethodsData Exfil
Unauthorized third party made unauthorized queries on company databases to extract customer and applicant data -> DATA-EXFIL.