PayPal confirmed that one of the companies it owns, TIO Networks, suffered a security breach, hackers have accessed servers that stored information for 1.6 million customers.
The company TIO Networks was recently acquired by PayPal for $238 million, it is a Canadian firm that runs a network of over 60,000 utility and bills payment kiosks across North America.
On November 10, PayPal suspended the operations of TIO’s network due to the discovery of “security vulnerabilities” affecting the TIO platform and issues with TIO’s data security programme that does not follow PayPal’s security standards.
“While we apologise for any inconvenience this suspension of services may cause, the security of TIO’s systems and the protection of TIO’s customers are our highest priorities.” said TIO Networks.
“We are working with the appropriate authorities to safeguard TIO customers.”
“The PayPal platform is not impacted by this situation in any way and PayPal’s customers’ data remains secure.
“Our investigation is ongoing. We will communicate with TIO customers and merchant partners directly as soon as we have more details. Customer updates will also be posted at www.tio.com.”
The Canadian firm disclosed the data breach, but did not provide any other details.
On Friday, December 1, PayPal published a press release that includes more details on the hack.
“PayPal Holdings, Inc. (Nasdaq: PYPL) today announced an update on the suspension of operations of TIO Networks (TIO), a publicly traded payment processor PayPal acquired in July 2017. A review of TIO’s network has identified a potential compromise of personally identifiable information for approximately 1.6 million customers.” reads the press release.
“The PayPal platform is not impacted in any way, as the TIO systems are completely separate from the PayPal network, and PayPal’s customers’ data remains secure.”
PayPal confirmed that the attackers stole the personal information of both TIO customers and customers of TIO billers, but it avoided to disclose what type of information the hackers compromised.
Likely attackers accessed personally-identifiable information (PII) and financial details.
PayPal is notifying affected customers of the data breach and is offering free credit monitoring memberships.
The customers of TIO Networks can visit the TIO Networks website for more information on the data breach.
“TIO has also begun working with the companies it services to notify potentially affected individuals, and PayPal is working with a consumer credit reporting agency to provide free credit monitoring memberships. Individuals who are affected will be contacted directly and receive instructions to sign up for monitoring.” continue the Press Release.
(Security Affairs – TIO Networks, data breach)