The disclosure comes less than a month after PayPal suspended TIO Network’s operations when it found security vulnerabilities.
PayPal has revealed that its recently acquired company TIO Networks has suffered a data breach compromising the personal information of 1.6 million customers. PayPal bought the Canadian payment processing company, which has over 60,000 utility and bills payment kiosks across North America, for $238m (£177m) in cash in July.
On Friday, 1 December, PayPal said a review of TIO’s network showed evidence of a breach that may have compromised the details of about 1.6 million users, including locations that stored personal data of TIO customers and customers of TIO billers.
The company did not specify when or how the breach took place and did not reveal details of the type of information accessed by the hackers either.
PayPal noted that its own platform was not affected by the breach. “TIO systems are completely separate from the PayPal network and PayPal’s customers’ data remains secure,” the company said.
On November 10, PayPal announced that it suspended TIO’s operations after it discovered security vulnerabilities in the firm’s platform and issues with its data security program that “did not adhere to PayPay’s information security standards”.
“While we apologise for any inconvenience this suspension may cause, the security of TIO’s systems and the protection of TIO’s customers are our highest priorities,” PayPal had said at the time.
TIO is currently working with the companies it services to notify affected customers. Meanwhile, PayPal is working with consumer credit reporting agency Experian to offer customers free credit monitoring memberships as well.
“Individuals who are affected will be contacted directly and receive instructions to sign up for monitoring,” PayPal said. It added that TIO’s services “will not be fully restored until we are confident in the security of the TIO systems and network”.
“At this point, TIO cannot provide a timeline for restoring bill pay services and continues to recommend that you contact your biller to identify alternative ways to pay your bills,” TIO said. “We sincerely apologise for any inconvenience caused to you by the disruption of TIO’s service.”
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.