PayPal is one of the many big, multi-national companies that have been through a data breach. Apparently, the service has suffered an indirect breach in its recently acquired payment processor TIO Networks. The result is that some 1.6 million customers have been affected, with their personal information being stolen.
Tio Networks is a Canadian company which was acquired as part of PayPal’s strategy for driving financial inclusion. The company has a network of 900 bill-pay kiosks, 10,000 billers, and some 65,000 walk-in locations.
PayPal Already Suspended Tio Networks Operations
PayPal has suspended the operations of TIO in November, after unearthing a range of unidentified security flaws and starting an internal investigation to inspect the platform closely. It’s now known that the breach has happened due to unauthorized access, which should come as no surprise.
An official statement was released several days ago, saying that:
PayPal Holdings, Inc. today announced an update on the suspension of operations of TIO Networks (TIO), a publicly traded payment processor PayPal acquired in July 2017. A review of TIO’s network has identified a potential compromise of personally identifiable information for approximately 1.6 million customers.
The good news is that the PayPal platform itself has not been impacted in any way, as the “TIO systems are completely separate from the PayPal network, and PayPal’s customers’ data remains secure”.
As visible in the statement above, the personal information of 1.6 million customers has been leaked. Most likely personally identifiable information and financial data were affected as well.
The Type of Personal Information Affected by Tio Networks Data Breach Not Known
Even though the type of leaked personal information is not revealed yet, it is known that the access is still ongoing, as stated by PayPal.
Fortunately, PayPal’s platform is safe as Tio Networks has been operating via a separate platform. An internal investigation has been initiated by a third-party cyberforensics company to analyze Tio’s payment platform and outline the specific factors that led to the data breach.
What has Tio Networks said? The company has started notifying customers that may have been affected by the breach. PayPal on the other hand has made an agreement with Experian to provide free monitoring for a year to verified victims of the incident.
“At this point, TIO cannot provide a timeline for restoring bill payment services, and continues to recommend that you contact your biller to identify alternative ways to pay your bills,” Tio representatives said, adding that they are truly sorry for the inconvenience.