December 4, 2017

PayPal’s TIO Data Breach Affects 1.6 Million Customers

PayPal-acquired TIO, a Canadian payments processing company, has suffered a data breach in which the personal information of some 1.6 million customers was stolen by malicious hackers.

PayPal has revealed details of a review of the data breach at TIO, a Canadian payments processing firm that PayPal acquired for some $238 million in cash in July. The forensic analysis has revealed that the breach is likely to have compromised the details of about 1.6 million users, including locations that stored personal data of TIO customers and billers’ customers. For context, TIO has over 60,000 utility and bill payment kiosks across North America.

Upon discovering that TIO’s data security program “did not adhere to PayPal’s information security standards”, the company suspended TIO’s operations after spotting several security vulnerabilities in November. As TIO’s platform is fundamentally a payments system, it’s highly likely that hackers obtained both personally identifiable information (PII) and financial details.

While the company did not specify when or how the breach occurred, PayPal moved to confirm that its own network was not impacted by the data breach. “TIO systems are completely separate from the PayPal network and PayPal’s customers’ data remains secure,” PayPal said in a statement.

TIO is in the process of notifying affected customers by working with the companies it services. PayPal is also working with consumer credit reporting agency Experian to offer impacted customers free credit monitoring memberships.

“Individuals who are affected will be contacted directly and receive instructions to sign up for monitoring,” PayPal said. The payments giant also added that TIO’s services “will not be fully restored until we are confident in the security of the TIO systems and network”.


About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
