TIO Networks, a payment processing company acquired by PayPal earlier this year, has suffered a data breach which may have affected 1.6 million users.
PayPal made the announcement recently, stating that “A review of TIO’s network has identified a potential compromise of personally identifiable information for approximately 1.6 million customers.” The company was quick to point out that PayPal’s own platform is separate from TIO’s system, so PayPal customers are unaffected by this breach.
TIO has posted a consumer FAQ about the breach on its website. Unfortunately, this isn’t the type of breach which is quickly identified and resolved. TIO’s operations have been suspended since Nov. 10, “to protect customer data as part of an ongoing investigation of security vulnerabilities of the TIO platform,” and they are still suspended.
That investigation uncovered unauthorized access of the network, which included “locations that stored personal information of some of TIO’s customers and customers of TIO billers.” There are no further details on exactly what personal information was accessed.
TIO is currently contacting customers who were affected by the breach, and they’re offering free Experian credit monitoring for 12 months — 24 months to customers whose social security numbers were exposed.
Despite finding the breach — and starting the process of notifying affected customers —those who use TIO systems for bill payment procedures will still have to find alternatives for the time being. TIO has said it will not restore its services until it is “confident in the security of the TIO systems and network.”
PayPal paid $233 million for the Vancouver-based TIO Networks, and the acquisition was completed in July. While PayPal users aren’t affected by this breach, it’s certainly troublesome — and embarrassing for PayPal — that the company has announced such a major breach less than six months after the acquisition took place.
Affected users should consider signing up for the free credit monitoring option, but those who do not should at least obtain a free credit report and closely check their accounts for fraudulent charges.