PayPal’s TIO Data Breach Affects 1.6 Million Customers

Security Vulnerability

PayPal-acquired TIO, a Canadian payments processing company, has suffered a data breach that sees the personal information of some 1.6 million customers stolen by malicious hackers.

PayPal has revealed details of a review of data breach of TIO, a Canadian payments processing firm that was acquired by PayPal for some $238 million in cash in July. The forensic analysis has revealed that the breach is likely to have compromised the details of about 1.6 million users – including locations that stored personal data of TIO customers and billers’ customers. For context, TIO has over 60,000 utility and bill payment kiosks across North America.

Upon discovering that TIO’s data security program “did not adhere to PayPal’s information security standards”, the company suspended TIO’s operations after spotting several security vulnerabilities in November. As TIO’s platform is fundamentally a payments system, it’s highly likely that hackers obtained both personally-identifiable information (PII) and financial details.

While the company did not specify when or how the breach occurred, PayPal moved to confirm that its own network was not impacted by the data breach “TIO systems are completely separate from the PayPal network and PayPal’s customers’ data remains secure,” PayPal said in a statement.

TIO is in the process of notifying affected customers by working with the companies it services. PayPal is also working with consumer credit reporting agency Experian to offer impacted customers free credit monitoring memberships.

“Individuals who are affected will be contacted directly and receive instructions to sign up for monitoring,” PayPal said. The payments giant also added that TIO’s services “will not be fully restored until we are confident in the security of the TIO systems and network”.

Image credit: Pixabay.