Vancouver, Canada-based TIO Networks, PayPal’s recently-acquired payment processor, revealed last week that up to 1.6 million customers may have had their personal information compromised in a data breach.
The company said in a statement that hackers had accessed “locations that stored personal information of some of TIO's customers and customers of TIO billers.”
Details of the compromised data is not known yet, as the investigation is ongoing. However, it is feared that the data could contain personally identifiable information (PII), or financial data. TIO Networks was acquired by PayPal in July 2017, at a cost of $238 million. TIO Networks exists under PayPal's “umbrella” but operates as a separate company, and supports roughly 16 million customer billing accounts.
PayPal announced the suspension of TIO Networks' operations last month due to “PayPal's discovery of security vulnerabilities on the TIO platform and issues with TIO's data security program that do not adhere to PayPal's information security standards.”
TIO had not yet been integrated into PayPal’s business, fortunately, so users of the latter were not affected. PayPal is conducting an internal investigation, and hired a third-party cyber-forensics company. They are also providing one year of credit monitoring for those affected. TIO has not released a timeline to restore services, and urged their customers to find alternative ways to pay their bills in the meantime.