PayPal announced that a data breach at TIO Networks, its recently acquired payment processor, could have compromised the identity of more than 1.6 million customers.
This announcement makes it clear why PayPal chose to suspend operations of TIO Networks in early November. PayPal sent out a press release that the suspension was done to “protect customer data” and that there was an “ongoing investigation” of the TIO platform. It seems like this investigation found that there was unauthorized access into the system, including into areas where customer information was stored.
PayPal purchased TIO in July for $238 million. It is not clear as to whether this data breach occurred before or after the sale, or if TIO was aware of the breach before it was acquired.
In PayPal’s press release, it was initially not specified as to what information could have been compromised. However, TIO Networks posted an FAQ page on its website which says Social Security numbers were exposed and stolen. People who were affected by this are now eligible for two years of free credit monitoring. Those who were involved in the breach, but who did not have their SSNs compromised, are eligible for one year of free credit monitoring.
PayPal’s senior manager of corporate communications, Justin Higgs, later clarified what PayPal knows about the breach. He says that the compromised data includes bank account information, payment card information, passwords and usernames for accounts, and Social Security numbers. Additionally, he said that PayPal has not found any proof whatsoever that data was actually taken or stolen from the TIO network. However, he also said that there is evidence that the information could have been exposed. Thus, they are treating it as a data breach.
PayPal also announced that it is taking steps to directly notify any individual who was affected by this. They are also contacting retailers, billers, and agents. PayPal additionally said that its own system was not impacted at all by this situation, and that all PayPal customer data is safe and that customers of PayPal have nothing to worry about based on this breach at TIO.