Security Vulnerability
December 4, 2017 by

PayPal’s TIO Data Breach Affects 1.6 Million Customers

PayPal-acquired TIO, a Canadian payments processing company, has suffered a data breach that sees the personal information of some 1.6 million customers stolen by malicious hackers.

PayPal has revealed details of a review of data breach of TIO, a Canadian payments processing firm that was acquired by PayPal for some $238 million in cash in July. The forensic analysis has revealed that the breach is likely to have compromised the details of about 1.6 million users – including locations that stored personal data of TIO customers and billers’ customers. For context, TIO has over 60,000 utility and bill payment kiosks across North America.

Upon discovering that TIO’s data security program “did not adhere to PayPal’s information security standards”, the company suspended TIO’s operations after spotting several security vulnerabilities in November. As TIO’s platform is fundamentally a payments system, it’s highly likely that hackers obtained both personally-identifiable information (PII) and financial details.

While the company did not specify when or how the breach occurred, PayPal moved to confirm that its own network was not impacted by the data breach “TIO systems are completely separate from the PayPal network and PayPal’s customers’ data remains secure,” PayPal said in a statement.

TIO is in the process of notifying affected customers by working with the companies it services. PayPal is also working with consumer credit reporting agency Experian to offer impacted customers free credit monitoring memberships.

“Individuals who are affected will be contacted directly and receive instructions to sign up for monitoring,” PayPal said. The payments giant also added that TIO’s services “will not be fully restored until we are confident in the security of the TIO systems and network”.

Image credit: Pixabay.

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

PayPal Patches Two-Factor Authentication Vulnerability

 PayPal has patched a vulnerability that allowed an attacker to bypass the website’s...

Read more arrow_forward

Better Smartphone Security Through Biometrics

Biometric technology is slowly entering our lives via our smartphones. Does is add enough security?

Read more arrow_forward